prozerran

Members

View Profile See their activity

Posts
9
Joined
January 13, 2013
Last visited
January 23, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by prozerran

Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

9 infected files were found using Eset Scan C:\Qoobox\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application C:\Qoobox\Quarantine\C\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{c0242144-ff32-40f0-87f5-a32fcce21c94}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan C:\Users\Aaron\Desktop\programs\ibott\iBot.exe a variant of Win32/GameHack.CV application C:\Users\Aaron\Desktop\programs\_iBot_Public_Released_v1.0.82\iBot.exe a variant of Win32/GameHack.CV application C:\Users\Aaron\Downloads\cbsidlm-tr1_9-Chinese_Chess_Master-SEO2-75573095.exe Win32/DownloadAdmin.F application C:\Users\Aaron\Downloads\SkipScreen-Setup.exe Win32/Toolbar.Zugo application C:\Users\Aaron\Downloads\skp-skipscreen-sntb.exe Win32/Toolbar.Zugo application C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application
- January 17, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

I am not getting anymore redirecting so far, but this morning when I turn on my computer, the screen was all black, all I can see was my mouse cursor. I had to hold the power button down several seconds to turn it off. Everything was normal afterwards. Occasionally, I would get a "Not Responding" when running certain applications, but other than that everything is working great. Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.17.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Aaron :: AARON-PC [administrator] Protection: Enabled 1/16/2013 11:42:07 PM mbam-log-2013-01-16 (23-42-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213732 Time elapsed: 2 minute(s), 49 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:53:47 PM, on 1/16/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe D:\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe D:\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Aaron\Desktop\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Aaron\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe" O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11041 bytes
- January 17, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

I copied and paste the text and hit run fix. After restarting the computer, there was no report that pop up. I am not getting anymore redirecting when using firefox for now. Is there anything else I need to do?
- January 15, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

OTL logfile created on: 1/14/2013 7:33:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aaron\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.93 Gb Total Physical Memory | 5.46 Gb Available Physical Memory | 68.85% Memory free 15.85 Gb Paging File | 13.05 Gb Available in Paging File | 82.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 13.96 Gb Free Space | 11.99% Space Free | Partition Type: NTFS Drive D: | 232.87 Gb Total Space | 133.32 Gb Free Space | 57.25% Space Free | Partition Type: NTFS Drive F: | 329.79 Gb Total Space | 291.25 Gb Free Space | 88.31% Space Free | Partition Type: NTFS Drive G: | 232.89 Gb Total Space | 179.25 Gb Free Space | 76.97% Space Free | Partition Type: NTFS Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Aaron\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - D:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - D:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (cpuz133) -- C:\Windows\SysNative\drivers\cpuz133_x64.sys (Windows ® Win 7 DDK provider) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.) DRV - (HWiNFO32) -- D:\HWiNFO32\HWiNFO64A.SYS (REALiX) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 14 15 45 01 D3 09 D6 41 B2 F5 9A 1D 66 DA 34 6C [binary data] IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 14 15 45 01 D3 09 D6 41 B2 F5 9A 1D 66 DA 34 6C [binary data] IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/'>http://www.google.com/ IE - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\..\SearchScopes\{BC1E02E5-5D99-336D-DD07-48E49243DDC4}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z147&form=ZGAIDF&install_date=20121207&iesrc={referrer:source} IE - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.startup.homepage: "google.com" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0 FF - prefs.js..extensions.enabledAddons: zbuywzsopd%40zbuywzsopd.org:2.5 FF - prefs.js..extensions.enabledAddons: %7BDB9127A2-3381-41ec-82B3-1B6ED4C6F29A%7D:1.0 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z147&form=ZGAADF&install_date=20121207&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/20 00:22:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 19:29:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/13 02:04:08 | 000,000,000 | ---D | M] [2010/06/23 00:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Extensions [2013/01/13 02:04:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions [2010/11/02 23:36:12 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2012/02/11 16:07:28 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\DivXWebPlayer@divx.com.xpi [2012/10/16 22:39:43 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\SkipScreen@SkipScreen.xpi [1832/11/28 20:30:07 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\zbuywzsopd@zbuywzsopd.org.xpi [2012/11/24 19:41:38 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2010/03/24 09:42:56 | 000,057,418 | ---- | M] (flashget) (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll [2008/10/17 09:03:56 | 000,000,205 | ---- | M] () (No name found) -- C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\IFlashgetXpi.xpt [2013/01/10 19:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/12/20 00:22:52 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013/01/10 19:29:25 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/07/28 17:14:08 | 000,022,016 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiFFPlugin1.dll [2012/08/29 03:17:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old [2012/10/12 21:28:18 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: ijji Web Launching Plugin for FF (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Picasa (Enabled) = D:\Picasa3\npPicasa3.dll CHR - Extension: avast! WebRep = C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ O1 HOSTS File: ([2013/01/13 19:09:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll File not found O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Aaron\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3974401158-4218961396-83953717-1001..\Run: [Akamai NetSession Interface] C:\Users\Aaron\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3974401158-4218961396-83953717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{023AD65E-35FC-4FF6-9FBE-42135B843189}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A2544D9-DBBC-4A38-B076-433D875CDE95}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BFED337-8CFD-4B09-8116-7989082C452E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0A8B1A4-D06A-49F3-BA32-BAD65D4CF810}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/14 19:31:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe [2013/01/13 19:09:05 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/01/13 19:07:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/13 18:09:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3711E923-BBAE-4BCE-B675-B299F0246A91} [2013/01/13 02:00:41 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\redirecting help [2013/01/13 01:36:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\Programs [2013/01/13 01:08:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013/01/12 17:52:50 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{10E29F21-B17E-431E-9346-2C0187604B2B} [2013/01/11 16:20:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pro Pinball [2013/01/11 16:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Pinball [2013/01/11 15:45:29 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{6E4CED84-2755-4113-A50B-A6FFD6731970} [2013/01/10 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/10 18:37:11 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{AD9FEB2A-7D20-46ED-839C-CD88671CE910} [2013/01/10 01:35:30 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4589B6BE-5D93-47A5-BEF5-26CAD822DA75} [2013/01/09 13:35:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{F2D3FAC7-7DB1-4099-BDC3-C43BF73F6292} [2013/01/08 21:31:48 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/08 21:31:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/08 21:31:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/08 21:31:35 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/01/08 21:31:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/01/08 21:31:23 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/01/08 21:31:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/01/08 21:31:23 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/01/08 21:31:23 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/01/08 21:31:23 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/01/08 21:31:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/01/08 21:31:23 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/01/08 21:31:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/01/08 21:31:23 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/01/08 21:31:23 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/01/08 21:31:23 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/01/08 21:31:23 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/01/08 21:31:23 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/01/08 21:31:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/01/08 21:31:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/01/08 21:31:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/01/08 21:31:23 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/01/08 21:31:23 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/01/08 21:31:23 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/01/08 21:31:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/01/08 21:31:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/01/08 21:31:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/01/08 21:31:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/01/08 21:31:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/01/08 21:31:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/01/08 21:31:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/01/08 21:31:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/01/08 21:31:19 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/01/08 21:31:19 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/01/08 21:31:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/01/08 21:31:19 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/01/08 21:30:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/08 21:30:47 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/08 21:30:46 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/08 21:30:46 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/08 21:30:46 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/08 21:30:46 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/01/08 21:30:46 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/08 21:30:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/08 21:30:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/08 21:30:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/08 21:30:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/08 21:30:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/08 21:30:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/08 21:30:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 21:30:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 21:30:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 21:30:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/08 21:30:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 21:30:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 21:30:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 21:30:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 21:30:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 21:30:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/08 21:30:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/08 21:30:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 21:30:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 21:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/08 21:30:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/08 21:30:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/01/08 21:30:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/01/08 21:18:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{92DE3308-0378-4D37-9BDC-B2E7DC1BD806} [2013/01/07 20:57:51 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{EDB75DCB-004A-4CC8-B9C2-BB7DA09B336C} [2013/01/06 18:23:49 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5F661A7A-B336-4202-99CD-992B9C3DD5DA} [2013/01/05 20:25:48 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{BADF1004-74DC-4255-B24C-9490FA7443F7} [2013/01/04 19:03:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D051F328-5237-43F4-9060-0A17D4C37D5B} [2013/01/03 23:38:21 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{1834CFDA-96A6-401E-AE11-431522542B18} [2013/01/03 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5155CDD9-1AB9-47F4-A376-C6B1723D4EEA} [2013/01/02 22:05:59 | 000,000,000 | ---D | C] -- C:\Users\Aaron\Desktop\ebay [2013/01/02 18:24:23 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4BCDF167-E835-47EF-B502-C2EF7BCDF1A5} [2013/01/01 14:04:56 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{C90FA458-6141-4259-BBF6-2BB3F445AE90} [2012/12/31 22:24:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{35EB0400-1DDE-47A9-89FD-E9A29A6292A3} [2012/12/29 15:37:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{88639D79-BE5B-4A71-AED3-87953366C290} [2012/12/28 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{A9C4D164-E7C7-4991-B0C3-7721865E2A40} [2012/12/28 00:49:09 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E0F2E82F-B1B1-4D21-A299-D0F4DECE5912} [2012/12/27 02:35:06 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{0E028213-7840-4A26-9C9D-8FE958745D99} [2012/12/26 14:34:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{73FADDE8-B417-436F-8EC7-91164B04B151} [2012/12/25 15:30:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{A59EF767-A5DA-4AEF-A93C-7EB7E3AB6919} [2012/12/24 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{D8EE9055-385F-449E-8046-D0343F17D884} [2012/12/24 01:32:27 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{3A1319C7-124B-4A98-9DBD-0F162334A740} [2012/12/23 13:32:02 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{9FA0645B-E269-42B9-8DBD-C20D7D3948E0} [2012/12/22 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{E5862B5C-7784-4B5A-95E5-2CDCF0AACAAB} [2012/12/21 21:07:14 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B7A2AB53-E9B1-45D5-B10D-484FFFB062B6} [2012/12/21 03:00:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 03:00:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/21 03:00:14 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 03:00:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/20 23:36:02 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{08EE4C3D-FFD2-40D7-8860-1EF292A7A6F9} [2012/12/20 11:35:38 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{CBC61037-97F6-41B4-B81F-C7C2179E9A98} [2012/12/20 00:23:05 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012/12/20 00:23:05 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012/12/20 00:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012/12/20 00:23:03 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012/12/20 00:23:02 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012/12/20 00:23:01 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012/12/20 00:23:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/12/20 00:23:01 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012/12/20 00:22:43 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012/12/20 00:22:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/12/20 00:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/12/20 00:22:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/12/19 23:35:10 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{B86B2D3E-E2D0-4412-BA3C-6A2DB3FCF17A} [2012/12/19 02:10:07 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{5BD5A6C9-A1F6-4A68-AAAE-A290DFFCA7CF} [2012/12/18 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{1FE5198D-72C8-45AB-AFDD-D5BEBD171802} [2012/12/17 15:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/12/17 15:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/12/17 14:10:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{EA03CC97-6907-4E05-BB63-429A1BF6E2E7} [2012/12/16 20:40:42 | 000,000,000 | ---D | C] -- C:\Users\Aaron\AppData\Local\{4732966B-80DB-462C-9E53-864D095548FB} [2011/02/11 02:45:43 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCR80.dll [2011/02/11 02:45:43 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe [2011/02/11 02:45:42 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe ========== Files - Modified Within 30 Days ========== [2013/01/14 19:33:13 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 19:33:13 | 000,015,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 19:31:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron\Desktop\OTL.exe [2013/01/14 19:25:46 | 000,002,281 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/14 19:25:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/14 19:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/14 19:25:05 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys [2013/01/13 23:43:10 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 19:09:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/01/13 18:58:36 | 000,001,150 | ---- | M] () -- C:\Users\Aaron\Desktop\ComboFix - Shortcut.lnk [2013/01/13 02:05:48 | 000,001,591 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013/01/13 01:36:43 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/12 17:56:56 | 000,800,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/12 17:56:56 | 000,675,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/12 17:56:56 | 000,126,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/10 22:32:44 | 000,002,046 | ---- | M] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/01/09 13:33:34 | 005,067,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/09 02:39:09 | 000,794,646 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/02 21:50:14 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT [2012/12/20 04:51:19 | 000,002,364 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012/12/20 00:29:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/12/20 00:23:05 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/12/20 00:21:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/12/17 15:38:22 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/12/16 09:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 06:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 06:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/16 06:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll ========== Files Created - No Company Name ========== [2013/01/13 18:58:36 | 000,001,150 | ---- | C] () -- C:\Users\Aaron\Desktop\ComboFix - Shortcut.lnk [2012/12/20 00:23:05 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012/12/20 00:23:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012/12/17 15:38:22 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012/12/17 15:38:22 | 000,002,281 | ---- | C] () -- C:\Users\Aaron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/12/17 15:35:15 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/12/17 15:35:14 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/05 20:55:58 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012/12/05 20:49:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Documentation [2012/12/05 20:49:40 | 000,000,268 | RH-- | C] () -- C:\Users\Aaron\AppData\Roaming\Digital Mono [2012/12/05 20:49:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012/12/05 20:49:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Distortion [2012/12/05 20:49:05 | 000,000,268 | RH-- | C] () -- C:\Users\Aaron\AppData\Roaming\DirectoryService [2012/12/05 20:49:05 | 000,000,268 | RH-- | C] () -- C:\Users\Aaron\AppData\Roaming\Digital Light [2012/12/05 20:49:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012/12/05 20:49:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012/08/09 21:58:55 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012/03/30 15:52:26 | 000,000,546 | ---- | C] () -- C:\Users\Aaron\SciTE.session [2012/02/14 21:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/02/14 18:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/02/14 18:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/01/31 05:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/11/04 16:32:25 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011/11/04 16:32:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/19 05:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2011/09/12 14:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/08/02 22:56:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/08/02 22:56:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/08/02 22:56:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/08/02 22:56:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/08/02 22:56:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/06/08 00:29:25 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe [2011/05/30 22:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011/05/30 22:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011/01/26 02:18:47 | 000,794,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/25 23:55:42 | 000,000,305 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat [2010/07/29 02:41:45 | 000,007,607 | ---- | C] () -- C:\Users\Aaron\AppData\Local\Resmon.ResmonCfg [2010/06/23 18:11:11 | 000,003,584 | ---- | C] () -- C:\Users\Aaron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2010/11/28 22:13:22 | 000,000,000 | ---D | M](C:\Users\Aaron\Documents\?? ???) -- C:\Users\Aaron\Documents\넥슨 플러그 [2010/11/28 22:13:22 | 000,000,000 | ---D | C](C:\Users\Aaron\Documents\?? ???) -- C:\Users\Aaron\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:58261186 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E507A230 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A1A12999 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:805D8FCD @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA < End of report >
- January 15, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

OTL Extras logfile created on: 1/14/2013 7:33:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aaron\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.93 Gb Total Physical Memory | 5.46 Gb Available Physical Memory | 68.85% Memory free 15.85 Gb Paging File | 13.05 Gb Available in Paging File | 82.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 13.96 Gb Free Space | 11.99% Space Free | Partition Type: NTFS Drive D: | 232.87 Gb Total Space | 133.32 Gb Free Space | 57.25% Space Free | Partition Type: NTFS Drive F: | 329.79 Gb Total Space | 291.25 Gb Free Space | 88.31% Space Free | Partition Type: NTFS Drive G: | 232.89 Gb Total Space | 179.25 Gb Free Space | 76.97% Space Free | Partition Type: NTFS Computer Name: AARON-PC | User Name: Aaron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-3974401158-4218961396-83953717-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- D:\Photoshop\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- D:\Photoshop\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe" = C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe:*:Enabled:Conquer_v5517_P2P_20110729.exe -- (TQ Digital Entertainment) "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe" = C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe:*:Enabled:Conquer_v5517_P2P_20110729.exe -- (TQ Digital Entertainment) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\FlashGet\FlashGet3.exe" = D:\FlashGet\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe" = C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe:*:Enabled:Conquer_v5517_P2P_20110729.exe -- (TQ Digital Entertainment) "D:\FlashGet\FlashGet3.exe" = D:\FlashGet\FlashGet3.exe:*:Enabled:Flashget3 "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited) "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe" = C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe:*:Enabled:Conquer_v5517_P2P_20110729.exe -- (TQ Digital Entertainment) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C39DD5-457B-44E8-9EB3-57A4967B8D8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{070F954F-922D-493C-9576-B2D486354A85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0B4410A7-7221-4B56-B1A0-1F1283F6456D}" = lport=139 | protocol=6 | dir=in | app=system | "{286D504F-3979-4914-AF67-AD5B932072D1}" = lport=49182 | protocol=6 | dir=in | name=akamai netsession interface | "{299D65B5-0FF0-4BF3-B85A-FBAE58D91B1F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{2CE26A61-3EBC-41BE-BB13-FB4DFFE0BE08}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | "{381AD35A-F4F4-45FE-8F4A-11530DD02776}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{44805BF1-D646-471D-ADF6-1C1DBB47C0D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4E7745B5-F6D9-4D98-B8C6-1C6D843C6A37}" = rport=138 | protocol=17 | dir=out | app=system | "{5399E0C7-55C3-4364-84CC-A14FB8020615}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{58B1BC46-D902-4295-B0F3-B138CCA510BB}" = lport=10243 | protocol=6 | dir=in | app=system | "{606AE1AE-7291-4BD7-9935-3C95065A0AA3}" = rport=139 | protocol=6 | dir=out | app=system | "{63C80EE0-70DB-448D-82F6-845C2693FF04}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher | "{6ADDBBB0-6A1A-4EDB-98CC-8D6CCF89BF15}" = lport=2869 | protocol=6 | dir=in | app=system | "{74C58E94-4EAC-4AC1-8A85-32DFE3E51C4A}" = lport=137 | protocol=17 | dir=in | app=system | "{78A04201-7982-4EC4-8CE9-CF081CC0BD6C}" = rport=445 | protocol=6 | dir=out | app=system | "{7E4D30D2-DE5A-4A57-A172-50B500CC518F}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | "{90512F74-55E4-406F-9A59-BB9ED95A0333}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher | "{90A53389-7668-49B1-A08C-38AC4CDD5E9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9D142FEE-22DD-4BE1-B0E8-9C637C062FD4}" = lport=445 | protocol=6 | dir=in | app=system | "{9EE8C170-3072-4B2E-B579-5ADD59C649D4}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher | "{A079A29C-4A00-48BD-AC6D-E9E73B76E17C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ABA1B261-C601-4CA5-A2C1-C463A40BF7B6}" = rport=137 | protocol=17 | dir=out | app=system | "{BF4DA228-5241-4A72-85D7-621A9C4B15A8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C19F2BC3-31FA-49D9-9629-7F1D7CE058F0}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher | "{C33E0187-294D-45F9-B391-3CE051FA674C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C85849E8-DEA0-4D9E-94ED-2F10AA9E0105}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D441E814-1B9B-4377-AD8F-D4D2EE7ACEEB}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | "{D76D401B-6177-4C9E-A911-8743B2351CCC}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher | "{D935B364-CEE8-47FF-B28C-CF5A68DA2FCF}" = lport=138 | protocol=17 | dir=in | app=system | "{D959819A-0D71-4C6A-ADC8-60E1C0E1ABD2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D98A2063-3CC2-466D-A8E3-7184A5F9CD6A}" = lport=49187 | protocol=6 | dir=in | name=akamai netsession interface | "{DA8777CB-675B-4FE8-9C96-6A0E02BA68E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DBC5B300-EA56-45A5-9BE4-87BC274959D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E45DEB2D-F37A-4F10-B507-118DF0360DC8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{EC646A2B-1379-471E-B824-E69F8A443577}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2C0EBFA-99AC-4AD8-B80C-1A7207FA932D}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher | "{F2F166F5-ACC7-4A67-BED1-9654F510D7BB}" = rport=10243 | protocol=6 | dir=out | app=system | "{F730BBD4-112B-4ABA-ADE9-274F8F47007F}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BE930F-0AD4-461D-B912-9B3DF6D7B4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{00D30C48-43BA-402E-96E7-DD0A3717A4BF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0286338F-36D0-43AC-B588-12C917B88DA3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0289A58E-7D41-4AF8-BB5A-AD3B979ADE2F}" = protocol=6 | dir=in | app=c:\users\aaron\appdata\local\akamai\netsession_win.exe | "{02F575F8-6B30-41D2-BBDA-1C90820B1219}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{0DEFE79F-E027-4848-B283-64469FE12271}" = protocol=6 | dir=in | app=d:\need for speed\launcher.exe | "{0EF28080-E721-4CF1-9B2C-C3C5C721AD07}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{112562B8-3957-45F7-B277-4FD7056109E5}" = protocol=6 | dir=out | app=system | "{1159489B-EC86-4F98-9443-00A7723E5D84}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{13D508C2-9376-4B7B-BBA0-67F6F45C1C9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{142A502C-0233-4EAB-8FC5-1E79067F8BC4}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{16E70785-E811-481F-9369-7C18878AA199}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{1759F1F2-87E9-469A-BFB5-309012FC1841}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{1865275C-4B71-4CBD-9CBC-028B6AD17452}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{1AA9A659-4A0C-4273-8B33-AFAE257D9B34}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{1AF0122A-0D75-4EB1-AC4A-AE76023AFEB8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1B77A215-FD16-43A3-96DF-EEB35CFB3D04}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{1C738D1A-3651-4A1F-A540-71B3E168B925}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{1ED69DA6-0AA5-4FAD-911E-EE8D4763A577}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FAB579A-A03A-4923-B983-12775F46E041}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{20E6CC36-C728-40F7-955C-216E21DF6872}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2594D8B8-DE39-4C4C-9633-34B0C32A0510}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2CF8752D-E278-47C0-A2AA-EF68133854AB}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "{2ED29990-54B0-474A-A1CF-29A651A4D9AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{308118B0-5ADF-4E68-80DE-A0333FD9C5DD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{31E64B57-43C7-4AB8-A129-2F89E8F7B9B1}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{323E02B2-1EB3-45BE-BC1D-F0043787DA25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3445FD17-7EE4-4817-AE92-FF0BC23B0DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{35CECA43-B51C-4035-B266-436CE52C095D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3815F66D-D479-477A-8CBE-33F40E4A5DCD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3B971A04-025B-448B-BC7D-624CCFC09482}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3E76B29C-398E-4251-898A-E3B6756287CB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{40B04D34-CD9B-4CF4-A331-DA640888C740}" = protocol=6 | dir=in | app=d:\origin games\battlefield 3\bf3.exe | "{488B3722-B035-49DA-ADF9-B08E32A2CC59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | "{4F125551-BC65-4919-8536-BF4A25DF6637}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{4FF803E0-45AF-4BB3-B2F4-6343658815DB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{50851CC9-B755-4034-BDAA-1C955236E51F}" = protocol=17 | dir=in | app=d:\origin games\battlefield 3\bf3.exe | "{511E19F5-251E-4766-BF51-DFE3296B524A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{52A88882-3680-4399-BEEC-6138D3F2CD0D}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\torchlight ii\torchlight2.exe | "{52BD55F3-9BEC-4715-9B2B-E27B9E6DBE31}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{545977F1-DE00-43B0-B2A3-0E9E66424C51}" = protocol=6 | dir=in | app=d:\vindictus\en-us\nmservice.exe | "{56C75C8D-7076-473E-A6AC-81323E65A039}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5B8F3C54-4F89-4983-8205-A325A09D8E93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5E7C8991-60F2-4762-BE08-322877DA0267}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{5E8CEAED-6FB7-4186-9394-2E7F0CF78F2B}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{61B27E1F-5AD3-466B-9869-9BB86F68B8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{6250C2D6-7E43-4CAF-9A98-73BDA0530B4B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6686E423-19C4-409C-BA3D-E179220C5F02}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | "{6A283A78-E2CE-4FC3-A976-1F43932116EC}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6B25BD59-4D4E-4F5E-BC10-210FF4F3F923}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6BEB85ED-8072-4F84-949E-0C25835FC530}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6DFCF3DF-C5FB-4BBE-A9A2-9F3B97D15991}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6FFC44CB-2575-416A-85A2-9187CC9C5698}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{74A42726-7816-4B78-95CA-3B0ED27DB774}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\torchlight\torchlight.exe | "{7A56D396-2F57-44F8-BBFE-D7D20A20E24B}" = protocol=17 | dir=in | app=d:\ventrilo\ventrilo.exe | "{7A9A673B-D5AD-48F5-99F3-F1058D5B444E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{80530A24-B9F9-42AF-8F16-BC4344627A16}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | "{82352D57-2803-4BBD-B67C-A74E5A602789}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{85EB136B-762F-4C0E-9484-18656337735F}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{890956E4-942D-41BE-851D-29CD3E595ED6}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\torchlight\torchlight.exe | "{890F6CA0-0DC0-497B-ABF5-C509DB78A4AC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{8EBF16D1-5C38-43BE-8B0A-7ABA432AE9B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8FBFDDC2-9354-4506-99A8-8DCEFF69DAE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{932903D6-7380-4323-98C5-0BD0A287A3BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{952848FC-8CC1-4E6D-9326-5D07180DF8A3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9716FF04-4E22-4BD7-BCC5-BC13E5288088}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{97816A83-4CE3-4F06-82F2-48E0F42533E4}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{9D74D8F6-E0CE-4D52-89E0-1A2D2248C0EB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A0015A15-AE23-4F1E-9E2D-CB21BCF9119F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A1EF144B-0346-4899-8709-D255E1BA8CBF}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{A2C51C81-D9D2-4AC9-AE14-F48FA6A5D73C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A6B03C0A-A89C-486C-BA08-A6A6A3AD30B9}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{AA1691F3-F986-4E85-A9D3-A96005025FAB}" = protocol=17 | dir=in | app=c:\users\aaron\appdata\local\akamai\netsession_win.exe | "{AAF442BD-F3B0-4994-BD78-E87B898C5931}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{AE5844B3-F4C6-4995-AF65-4AF4797EA028}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | "{AF8AAFB9-C5FE-4BFF-9B05-9BB727046A25}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B327A46C-D607-4DE8-8B57-938C50E71E20}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{B5D5FE04-2C27-4CEE-A034-5FFA3272FA72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BB673E9E-DB64-453D-88B1-DF8C1CD3AC80}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BC36F9B3-6CA6-4E3A-AFEC-A4B9B8038D94}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{C26BED82-A88F-474D-AA45-967207B38124}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C6924E2B-1A47-4997-A40E-B9D1BF8719BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C76B8A13-7350-4BA0-9839-41A322B53D18}" = protocol=17 | dir=in | app=d:\vindictus\en-us\nmservice.exe | "{C7C770C3-BA27-4243-A7F3-4845B8961996}" = protocol=6 | dir=in | app=d:\ventrilo\ventrilo.exe | "{C96F04DD-E121-4000-AB84-146DB812B26E}" = dir=in | app=conquer_v5517_p2p_20110729.exe | "{CA40A452-AA73-4952-8DFB-8CE56E2E3ABA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{CDC72FF7-01F2-48D6-BB30-F2C53D9DB495}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{CF4CA139-40B8-411A-BB2B-ACD38D32C35B}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{D1902810-60B0-4334-A1C5-B137E6185427}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D52E613F-727F-4A3E-B614-DC8F08D009BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D58002E2-4D23-4C55-952E-93653F001301}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "{D6D9FCB4-4565-47BA-B247-918624C92144}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\age of empires online\aoeonline.exe | "{DB787BAA-CFA0-4759-BC57-B6827BCA59D3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DBEC44DC-32DC-4C3B-A6A6-AF097078117F}" = protocol=17 | dir=in | app=d:\need for speed\launcher.exe | "{DE26F1A4-7A76-4348-A580-2DD9FB7FA690}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{DFACD6D8-9CE8-42F5-802F-0EAE62445A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E5FFA644-EB61-4989-93F7-269C95235514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E7EA0080-3FAD-4ED5-84AE-7A71B9C5226A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{EA0855EB-3685-4654-A1E4-CB617CE14578}" = protocol=6 | dir=in | app=g:\steam\steamapps\common\torchlight ii\torchlight2.exe | "{EC3536EA-8A54-4E42-AFDF-14FE4E2C8D18}" = protocol=17 | dir=in | app=g:\steam\steamapps\common\age of empires online\aoeonline.exe | "{ECEEAA77-C5B7-4ADB-B836-04D19C54071A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{EF746A9A-9024-4206-8037-E946A8D15F1A}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F14FD1EA-6420-45A6-A7AB-9AC0CB678B53}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FB0B970F-0C9E-4359-873D-B02933895995}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB4D057D-24A0-48C8-A3B4-643A29B7CE97}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FEE28D77-2041-46FC-90E9-77466168E7B1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "TCP Query User{01A1E733-C485-4B64-9562-3CD5659AA34C}D:\need for speed\nfs11.exe" = protocol=6 | dir=in | app=d:\need for speed\nfs11.exe | "TCP Query User{089812D7-2E26-409D-8404-309BD058268F}G:\steam\steam.exe" = protocol=6 | dir=in | app=g:\steam\steam.exe | "TCP Query User{0A5BB023-3BFB-4C78-BE38-5F692E2D2C0A}D:\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=d:\vindictus\en-us\vindictus.exe | "TCP Query User{27B68F64-3098-45EE-8B3D-EE5BE45C1BE2}G:\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\age of empires online\spartan.exe | "TCP Query User{391DA165-00D2-4CBA-B5DF-3695F610558C}C:\users\aaron\downloads\conquer_v5517_p2p_20110729.exe" = protocol=6 | dir=in | app=c:\users\aaron\downloads\conquer_v5517_p2p_20110729.exe | "TCP Query User{4B585120-8F2D-4869-B1B8-E7030519179C}C:\users\aaron\downloads\starcraft_2_beta_enus.exe" = protocol=6 | dir=in | app=c:\users\aaron\downloads\starcraft_2_beta_enus.exe | "TCP Query User{542092C1-6BDC-4622-8AEA-A6920F56D49B}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "TCP Query User{552B9D4D-283A-495E-AA0D-E2DC0EC14335}C:\users\aaron\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\aaron\appdata\local\akamai\netsession_win.exe | "TCP Query User{5C4A59A9-F7F1-469D-A02C-6A1FAB010567}C:\users\aaron\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\aaron\downloads\diablo-iii-8370-enus-installer-downloader.exe | "TCP Query User{601A6E9F-882E-4C36-9EE1-BD6A65A9B569}D:\hon\hon.exe" = protocol=6 | dir=in | app=d:\hon\hon.exe | "TCP Query User{63D25F33-784B-483C-AA87-7E02D0525404}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | "TCP Query User{7581DABD-120C-4738-9584-BCDF96FF47C7}C:\program files (x86)\common files\wiz1x0sr_105sr_cfg.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\wiz1x0sr_105sr_cfg.exe | "TCP Query User{965E58B4-C100-40DE-A615-E9AFC588326C}C:\users\aaron\downloads\sro_l5.5_full_client_downloader.exe" = protocol=6 | dir=in | app=c:\users\aaron\downloads\sro_l5.5_full_client_downloader.exe | "TCP Query User{A324E893-F34E-4F29-A64E-09FDAAEA3C28}F:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=f:\diablo iii\diablo iii.exe | "TCP Query User{AA0D4BAA-9854-47FA-8B95-103995BD2FD0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{B1784FB4-6231-4270-AAE1-5C75C367D0E8}D:\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | "TCP Query User{CCF4988C-A2F1-42B0-B3C9-5611F48E7CA2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{D8B0A0B1-0B10-4F8A-A646-0D1C0DAAF82F}G:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "TCP Query User{EF98BC94-DE47-403C-AA26-8EB4BDED72E0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{F6F30D30-83B5-4AF8-9E8D-E2ACAEE93BFB}F:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=f:\guild wars 2\gw2.exe | "UDP Query User{15E1F0E8-5111-48EF-8B5D-322DFEC9119D}G:\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\age of empires online\spartan.exe | "UDP Query User{17199C0B-98EA-41B4-AEE2-C8F252E96FD6}C:\users\aaron\downloads\conquer_v5517_p2p_20110729.exe" = protocol=17 | dir=in | app=c:\users\aaron\downloads\conquer_v5517_p2p_20110729.exe | "UDP Query User{2F500B5A-F222-45BF-A5B2-0B5B135AF403}C:\users\aaron\downloads\starcraft_2_beta_enus.exe" = protocol=17 | dir=in | app=c:\users\aaron\downloads\starcraft_2_beta_enus.exe | "UDP Query User{3E0B0E95-0112-48F6-9E2B-37DF4345A833}D:\need for speed\nfs11.exe" = protocol=17 | dir=in | app=d:\need for speed\nfs11.exe | "UDP Query User{3F4396A2-6FC8-4BC6-AD3B-0438F800F23A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{4AF698D4-AAD3-46F1-BE69-2F987BAE7C7C}D:\hon\hon.exe" = protocol=17 | dir=in | app=d:\hon\hon.exe | "UDP Query User{52DD9348-5A30-4757-8028-9A42F2A8A4A6}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{60746DCA-A200-4831-9F38-103D3FDAA347}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe | "UDP Query User{6744B3BD-4C16-48F6-BD99-123A9A5EDC9A}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | "UDP Query User{752BD90E-7A92-4C18-B02A-26E5CB11B482}C:\program files (x86)\common files\wiz1x0sr_105sr_cfg.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\wiz1x0sr_105sr_cfg.exe | "UDP Query User{76745102-A5A3-4AC3-93ED-D2CD6E988916}F:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=f:\guild wars 2\gw2.exe | "UDP Query User{853F89DE-544F-4518-B0EF-B9F1FE74765E}G:\steam\steam.exe" = protocol=17 | dir=in | app=g:\steam\steam.exe | "UDP Query User{85E25EA6-877E-4E05-B4BD-8E4164D4E484}D:\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | "UDP Query User{9ECC63D0-4E40-4AB8-B67F-9DA2FE58FC84}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{B756EBE5-A411-4974-BB65-792EE15C155D}C:\users\aaron\downloads\sro_l5.5_full_client_downloader.exe" = protocol=17 | dir=in | app=c:\users\aaron\downloads\sro_l5.5_full_client_downloader.exe | "UDP Query User{B96C8829-532C-4207-8E91-04399E5DC47E}C:\users\aaron\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\aaron\appdata\local\akamai\netsession_win.exe | "UDP Query User{C068D4E5-F56B-4819-8B21-4D54694E287D}C:\users\aaron\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\aaron\downloads\diablo-iii-8370-enus-installer-downloader.exe | "UDP Query User{C550A233-06E0-4BC6-BD63-66BD126C2ACF}F:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=f:\diablo iii\diablo iii.exe | "UDP Query User{EDBCD3FB-3B9D-4859-AB7E-E16F9070B93F}G:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "UDP Query User{FD57170F-882B-47D5-815F-6A4F16E575BD}D:\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=d:\vindictus\en-us\vindictus.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64 "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5F352F3C-160B-713A-A031-18293EC4CA5A}" = AMD Media Foundation Decoders "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2 "{78E9970B-4395-61A6-B912-1CC406174773}" = AMD Catalyst Install Manager "{7A80B61A-72A1-7800-C4B0-855F056243DA}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F12D74-C53F-6276-73CB-851E73482270}" = AMD Drag and Drop Transcoding "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C4171DD9-EED6-2613-312A-FC8E168E7C3B}" = AMD Accelerated Video Transcoding "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500) "2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "sp6" = Logitech SetPoint 6.32 "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05DCB19F-234A-7E88-522D-4C90F3D501EE}" = CCC Help Chinese Standard "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{0825DB8F-54A6-1964-3E8E-D9548777447E}" = CCC Help Greek "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0116D6-60DD-9DDB-39A3-B9E82EB82FFA}" = CCC Help Finnish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D6F13C8-83EE-5B1E-AFA2-D048118F8E17}" = CCC Help Swedish "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0E9E7F27-15EA-C664-796F-BF0B51FAA8D2}" = CCC Help Danish "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1204BC47-3822-B05A-ED32-987F3653A954}" = Catalyst Control Center Graphics Previews Common "{1577F264-A7FC-5A53-823B-D1EDF32D611D}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 29 "{26C5D4C6-E7EC-64B2-E119-549D9B271820}" = CCC Help Turkish "{28241D8C-C149-57A3-9659-6C1C2F3588C5}" = CCC Help Czech "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{32C09AEA-BCAE-4595-0A9E-1DA30A0CA936}" = CCC Help English "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{38468127-9E6F-4FC9-B5F7-42D4AD437D96}" = Unigine Heaven Benchmark v2.1 "{3880E12E-99E8-0191-B947-498F87E360E1}" = CCC Help Korean "{38F8D823-008D-4E5A-BBCE-867A86C2BF2B}" = Sound Blaster Audigy HD "{3C8BD1B0-5E91-573D-A5F5-B80430D30436}" = CCC Help Spanish "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4026AEE5-528D-72E8-9A23-C51C7EBCB124}" = CCC Help Norwegian "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B8FD0B6-CFC9-E468-357C-E6EAA83EE2EB}" = CCC Help German "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{53A5DF5E-E0B2-64D7-9908-500B590B0C7F}" = CCC Help Polish "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{59C45031-B4B1-EAA3-01B3-23FF59A1DDB5}" = CCC Help Thai "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2 "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0 "{73A0F8AC-61F6-4C86-D448-7EB8C066A0F3}" = CCC Help French "{75430901-2556-AAAF-C31A-CB35BEE5DB71}" = CCC Help Hungarian "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{78B51FD5-DA3F-4B48-8F3F-4E4068F25D89}_is1" = Conquer Online 2.0 "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8651BEDC-F331-8263-B856-696194F55B9A}" = CCC Help Russian "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D4F1C64-4E17-9532-E0DC-A08E2A7A7502}" = CCC Help Chinese Traditional "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FD17B01-2356-455D-5397-1BED89DFA07F}" = CCC Help Dutch "{A6558E2A-FAF9-4570-AA49-6328D0354517}" = ASPCA Reminder by We-Care.com v4.1.21.1 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B72E80DB-DF9B-DE1E-8899-CC74B6B9456A}" = Catalyst Control Center InstallProxy "{BB87040F-C72D-69D8-356B-F7ABE8FD792E}" = CCC Help Portuguese "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage "{C4625A3D-F9A3-D5F4-F60F-2BB24DCC1C01}" = Catalyst Control Center "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C9CF43F4-CFFA-629E-C2EF-D5F330D593F4}" = Catalyst Control Center InstallProxy "{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDEC4DE4-F0E5-410F-AD49-3D34EF97629B}" = Path of Exile "{DFDDBC6C-54F0-A526-40C5-E3DC41BD4098}" = CCC Help Italian "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F06119B1-23C6-8EB7-D8B9-1EDBAC8B254A}" = Catalyst Control Center Localization All "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Afterburner" = MSI Afterburner 2.2.0 "AIM_7" = AIM 7 "Akamai" = Akamai NetSession Interface Service "AMD GPU Clock Tool" = AMD GPU Clock Tool "ASUS_Notebook_G73" = ASUS_Notebook_G73 Screen Saver "AutoItv3" = AutoIt v3.3.8.1 "avast" = avast! Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Battle.net" = Battle.net "BitTorrent" = BitTorrent "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Coupon Companion Plugin" = Coupon Companion Plugin "Diablo II" = Diablo II "Diablo III" = Diablo III "Diablo III Beta" = Diablo III Beta "ESN Sonar-0.70.4" = ESN Sonar "FlashGet 3.5" = FlashGet 3.5 "Fraps" = Fraps "GOM Player" = GOM Player "GomTVStreamer" = GOMTV Streamer "Google Chrome" = Google Chrome "Guild Wars" = Guild Wars "Guild Wars 2" = Guild Wars 2 "hon" = Heroes of Newerth "HWiNFO32_is1" = HWiNFO32 Version 3.51 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "ImgBurn" = ImgBurn "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Origin" = Origin "Picasa 3" = Picasa 3 "Pro Pinball - Timeshock!" = Pro Pinball - Timeshock! "PunkBusterSvc" = PunkBuster Services "Sapphire TRIXX" = Sapphire TRIXX "StarCraft II" = StarCraft II "Steam App 105430" = Age of Empires Online "Steam App 41500" = Torchlight "Steam App 49520" = Borderlands 2 "Steam App 550" = Left 4 Dead 2 "Steam App 730" = Counter-Strike: Global Offensive Beta "Vindictus" = Vindictus "VLC media player" = VLC media player 2.0.2 "WinLiveSuite" = Windows Live Essentials "Yahoo! Messenger" = Yahoo! Messenger "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3974401158-4218961396-83953717-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/24/2012 10:57:09 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/28/2012 6:09:20 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/29/2012 9:58:31 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 12/30/2012 6:13:19 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 12/30/2012 6:13:19 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Aaron\Downloads\Conquer_v5517_P2P_20110729.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 1/1/2013 3:01:19 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 1/4/2013 11:58:14 PM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 1/6/2013 1:13:39 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 1/11/2013 8:22:42 PM | Computer Name = Aaron-PC | Source = Application Hang | ID = 1002 Description = The program SETUP.EXE version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1658 Start Time: 01cdf05a9ebff53c Termination Time: 2 Application Path: H:\SETUP.EXE Report Id: 28fcfca6-5c4e-11e2-be69-1c4bd611cc8d Error - 1/13/2013 12:51:43 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 1/13/2013 5:13:11 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Aaron\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 1/13/2013 5:23:10 AM | Computer Name = Aaron-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\Aaron\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 1/14/2013 4:29:36 AM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error - 1/14/2013 11:26:35 PM | Computer Name = Aaron-PC | Source = PNRPSvc | ID = 102 Description = Error - 1/14/2013 11:26:35 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 1/14/2013 11:26:35 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = PNRPSvc | ID = 102 Description = Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = PNRPSvc | ID = 102 Description = Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7023 Description = The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535 Error - 1/14/2013 11:26:45 PM | Computer Name = Aaron-PC | Source = Service Control Manager | ID = 7001 Description = The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535 < End of report >
- January 15, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

I am still getting redirecting to this website when using firefox: http://click.livesearchnow.com After running combofix, Whenever I tried to open any program I would get this message: "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer ComboFix 13-01-13.01 - Aaron 01/13/2013 19:00:26.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8117.5947 [GMT -8:00] Running from: c:\users\Aaron\Downloads\ComboFix.exe Command switches used :: c:\users\Aaron\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Coupon Companion Plugin c:\program files (x86)\Coupon Companion Plugin\ButtonUtil.dll c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin-bg.exe c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.exe c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.ico c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.ini c:\program files (x86)\Coupon Companion Plugin\Coupon Companion PluginGui.exe c:\program files (x86)\Coupon Companion Plugin\Coupon Companion PluginInstaller.log c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe c:\users\Aaron\AppData\Local\Coupon Companion Plugin c:\users\Aaron\AppData\Local\Coupon Companion Plugin\Chrome\Coupon Companion Plugin.crx F:\install.exe . Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache86\userinit.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 ))))))))))))))))))))))))))))))) . . 2013-01-14 03:07 . 2013-01-14 03:07 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-14 03:07 . 2013-01-14 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-13 09:36 . 2013-01-13 09:36 -------- d-----w- c:\users\Aaron\AppData\Local\Programs 2013-01-13 09:08 . 2013-01-13 09:08 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-12 00:22 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72576F8D-DDFC-4D85-B277-D06A78CEF284}\mpengine.dll 2013-01-09 05:30 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-21 11:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 11:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 08:23 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-12-20 08:23 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-12-20 08:23 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-12-20 08:23 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-12-20 08:23 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-12-20 08:23 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-12-20 08:23 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-12-20 08:22 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr 2012-12-20 08:22 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-12-20 08:22 . 2012-12-20 08:22 -------- d-----w- c:\programdata\AVAST Software 2012-12-20 08:22 . 2012-12-20 08:22 -------- d-----w- c:\program files\AVAST Software 2012-12-17 23:35 . 2012-12-17 23:35 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com 2012-12-17 23:35 . 2012-12-18 05:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-12-17 23:35 . 2012-12-17 23:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 10:32 . 2010-06-23 08:46 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-15 00:49 . 2012-11-17 23:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-06 04:50 . 2012-12-06 04:50 61440 ----a-r- c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe 2012-12-06 04:49 . 2012-12-06 04:49 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2012-11-30 04:45 . 2013-01-09 05:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-12 10:59 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 10:59 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 10:59 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 10:59 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 10:59 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 10:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 10:59 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 10:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 10:59 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 10:59 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 10:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 10:59 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 10:59 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 10:59 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 10:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 10:59 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 10:59 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 10:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 10:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 10:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 10:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 10:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 05:07 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 05:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 19:29 . 2012-11-08 19:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 05:07 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 05:07 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-16 08:38 . 2012-11-27 22:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 22:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 22:20 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2009-01-13 22:45 . 2011-02-11 10:45 81920 ----a-w- c:\program files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe 2009-01-13 22:45 . 2011-02-11 10:45 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe 2006-12-01 13:54 . 2011-02-11 10:45 626688 ----a-w- c:\program files (x86)\Common Files\MSVCR80.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}] c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll [bU] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] "DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 atillk64;atillk64;d:\amd gpu clock tool\atillk64.sys [x] R3 cpuz130;cpuz130;c:\users\Aaron\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-12 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-12 79360] R3 dump_wmimmc;dump_wmimmc;d:\lunaplus\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-23 1255736] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HWiNFO32;HWiNFO32 Kernel Driver;d:\hwinfo32\HWiNFO64A.SYS [2010-02-17 31104] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968] S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-15 398184] S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-12-15 682344] S2 SBSDWSCService;SBSD Security Center Service;d:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 23:35] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 23:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z147&form=ZGAADF&install_date=20121207&q= FF - ExtSQL: 2012-12-20 00:29; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3974401158-4218961396-83953717-1001\Software\SecuROM\License information*] "datasecu"=hex:f4,4e,19,80,c0,4d,53,4f,35,a1,44,10,73,3d,23,72,21,27,01,29,b0, 83,1b,56,7e,e6,3c,bb,f1,a4,54,8d,6d,96,e2,11,d6,72,51,08,04,7d,81,8e,04,56,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\windows\SysWOW64\PnkBstrA.exe d:\malwarebytes' anti-malware\mbamgui.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe . ************************************************************************** . Completion time: 2013-01-13 19:14:10 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-14 03:14 ComboFix2.txt 2013-01-14 02:40 ComboFix3.txt 2011-08-03 07:05 . Pre-Run: 15,261,732,864 bytes free Post-Run: 15,215,927,296 bytes free . - - End Of File - - 02F016B7CB502771C53C1133F3625BC1
- January 14, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

After running combofix, it seems like I'm not getting anymore redirecting. Before I only get redirecting when using firefox, but when I use Chrome, theres no redirecting. ComboFix 13-01-13.01 - Aaron 01/13/2013 18:27:19.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8117.6270 [GMT -8:00] Running from: c:\users\Aaron\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Coupon Companion Plugin\CoUPon companion plugin.dll c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\searchplugins\bing-zugo.xml c:\windows\~GLC0000.TMP c:\windows\~GLH0000.TMP c:\windows\~GLH0001.TMP c:\windows\SysWow64\WINSKKO.DLL . . ((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 ))))))))))))))))))))))))))))))) . . 2013-01-14 02:36 . 2013-01-14 02:36 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-01-14 02:36 . 2013-01-14 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 02:33 . 2013-01-14 02:33 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72576F8D-DDFC-4D85-B277-D06A78CEF284}\offreg.dll 2013-01-13 09:36 . 2013-01-13 09:36 -------- d-----w- c:\users\Aaron\AppData\Local\Programs 2013-01-13 09:08 . 2013-01-13 09:08 -------- d-----w- C:\TDSSKiller_Quarantine 2013-01-12 00:22 . 2012-11-19 09:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72576F8D-DDFC-4D85-B277-D06A78CEF284}\mpengine.dll 2013-01-09 05:30 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-29 23:55 . 2012-12-29 23:55 -------- d-----w- c:\users\Aaron\AppData\Local\Coupon Companion Plugin 2012-12-29 23:55 . 2013-01-14 02:35 -------- d-----w- c:\program files (x86)\Coupon Companion Plugin 2012-12-21 11:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 11:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 11:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 11:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 08:23 . 2012-10-30 23:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-12-20 08:23 . 2012-10-30 23:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-12-20 08:23 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-12-20 08:23 . 2012-10-30 23:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-12-20 08:23 . 2012-10-30 23:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-12-20 08:23 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-12-20 08:23 . 2012-10-30 23:50 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-12-20 08:22 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr 2012-12-20 08:22 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-12-20 08:22 . 2012-12-20 08:22 -------- d-----w- c:\programdata\AVAST Software 2012-12-20 08:22 . 2012-12-20 08:22 -------- d-----w- c:\program files\AVAST Software 2012-12-17 23:35 . 2012-12-17 23:35 -------- d-----w- c:\users\Aaron\AppData\Roaming\SUPERAntiSpyware.com 2012-12-17 23:35 . 2012-12-18 05:47 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-12-17 23:35 . 2012-12-17 23:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 10:32 . 2010-06-23 08:46 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-15 00:49 . 2012-11-17 23:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-06 04:50 . 2012-12-06 04:50 61440 ----a-r- c:\users\Aaron\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe 2012-12-06 04:49 . 2012-12-06 04:49 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2012-11-30 04:45 . 2013-01-09 05:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-14 07:06 . 2012-12-12 10:59 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 2012-12-12 10:59 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 10:59 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 10:59 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 10:59 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 10:59 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 10:59 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 10:59 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 10:59 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 10:59 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 10:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 10:59 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 10:59 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 10:59 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 10:59 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 10:59 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 10:59 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 10:59 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 10:59 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 10:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 10:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 10:59 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 05:07 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 05:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 19:29 . 2012-11-08 19:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-02 05:59 . 2012-12-12 05:07 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 05:07 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-16 08:38 . 2012-11-27 22:20 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 22:20 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 22:20 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2009-01-13 22:45 . 2011-02-11 10:45 81920 ----a-w- c:\program files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe 2009-01-13 22:45 . 2011-02-11 10:45 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe 2006-12-01 13:54 . 2011-02-11 10:45 626688 ----a-w- c:\program files (x86)\Common Files\MSVCR80.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Aaron\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "SpybotSD TeaTimer"="d:\spybot - search & destroy\TeaTimer.exe" [2009-03-05 2260480] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312] "DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-20 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-15 398184] R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2012-12-15 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 atillk64;atillk64;d:\amd gpu clock tool\atillk64.sys [x] R3 cpuz130;cpuz130;c:\users\Aaron\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-12 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-12 79360] R3 dump_wmimmc;dump_wmimmc;d:\lunaplus\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-23 1255736] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 HWiNFO32;HWiNFO32 Kernel Driver;d:\hwinfo32\HWiNFO64A.SYS [2010-02-17 31104] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-12-07 379520] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-31 20968] S2 SBSDWSCService;SBSD Security Center Service;d:\spybot - search & destroy\SDWinSec.exe [2009-01-26 1153368] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 23:35] . 2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 23:35] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\ FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z147&form=ZGAADF&install_date=20121207&q= FF - ExtSQL: 2012-12-20 00:29; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - ORPHANS REMOVED - - - - . BHO-{11111111-1111-1111-1111-110211181104} - c:\program files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll Toolbar-Locked - (no file) SafeBoot-58095625.sys AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3974401158-4218961396-83953717-1001\Software\SecuROM\License information*] "datasecu"=hex:f4,4e,19,80,c0,4d,53,4f,35,a1,44,10,73,3d,23,72,21,27,01,29,b0, 83,1b,56,7e,e6,3c,bb,f1,a4,54,8d,6d,96,e2,11,d6,72,51,08,04,7d,81,8e,04,56,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-01-13 18:40:07 ComboFix-quarantined-files.txt 2013-01-14 02:40 ComboFix2.txt 2011-08-03 07:05 . Pre-Run: 14,730,108,928 bytes free Post-Run: 14,814,527,488 bytes free . - - End Of File - - 30FC43FE94EAEB7BEC27EBD143867D63
- January 14, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran replied to prozerran's topic in Resolved Malware Removal Logs

I'm still getting redirecting.. and the site doesnt load.. just a white page. Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 29 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.1.102.55 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (18.0) Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log`````````````````````` # AdwCleaner v2.105 - Logfile created 01/13/2013 at 02:04:06 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Aaron - AARON-PC # Boot Mode : Normal # Running from : C:\Users\Aaron\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Updater Service for StartNow Toolbar Stopped & Deleted : WajamUpdater ***** [Files / Folders] ***** File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility Folder Deleted : C:\Program Files (x86)\Wajam Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\InstallMate Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\Premium Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Folder Deleted : C:\Users\Aaron\AppData\Local\Wajam Folder Deleted : C:\Users\Aaron\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} Folder Deleted : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\extensions\wecarereminder@bryan ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Wajam Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\Zugo Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1 Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\Software\StartNow Toolbar Key Deleted : HKLM\Software\Wajam Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0 (en-US) File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\prefs.js C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\swy43anp.default\user.js ... Deleted ! Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,SkipScreen%40SkipScreen:0.[...] Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...] Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true); Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...] Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNo[...] Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar"); -\\ Google Chrome v23.0.1271.97 File : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [10124 octets] - [13/01/2013 02:04:06] ########## EOF - C:\AdwCleaner[s1].txt - [10185 octets] ########## RogueKiller V8.4.3 [Jan 10 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Aaron [Admin rights] Mode : Remove -- Date : 01/13/2013 02:10:09 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [RUN][bLACKLISTDLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va001 (C:\Users\Aaron\AppData\Local\Temp\0018143.tmp) -> DELETED [services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va002 (C:\Users\Aaron\AppData\Local\Temp\0028447.tmp) -> DELETED [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va001 (C:\Users\Aaron\AppData\Local\Temp\0018143.tmp) -> DELETED [services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va002 (C:\Users\Aaron\AppData\Local\Temp\0028447.tmp) -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] 50c508fb1730cba35f72ed5e146963f8 [bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code Partition table: 0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40966144 | Size: 119235 Mo 2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 285159424 | Size: 337701 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST9500420AS +++++ --- User --- [MBR] 346058a5405d7640af2af52e3b13b18c [bSP] e6c2cebec9d5914c6fe029aa4b621d92 : Windows Vista/7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 238459 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488366080 | Size: 238477 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2]_D_01132013_02d0210.txt >> RKreport[1]_S_01132013_02d0209.txt ; RKreport[2]_D_01132013_02d0210.txt
- January 13, 2013
- 17 replies
Im Infected, Getting constant redirecting when surfing the web

prozerran posted a topic in Resolved Malware Removal Logs

Please help me, here are my two logs. attach.txt dds.txt
- January 13, 2013
- 17 replies

Sign In

prozerran

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by prozerran

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Im Infected, Getting constant redirecting when surfing the web

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information