stillsleepin
OTL logfile created on: 2/24/2013 11:57:56 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 83.91% Memory free
8.90 Gb Paging File | 8.63 Gb Available in Paging File | 96.95% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.16 Gb Total Space | 129.41 Gb Free Space | 44.75% Space Free | Partition Type: NTFS
Drive D: | 8.92 Gb Total Space | 0.81 Gb Free Space | 9.12% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 68.65 Gb Free Space | 23.03% Space Free | Partition Type: NTFS
Drive G: | 14.53 Gb Total Space | 14.43 Gb Free Space | 99.33% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel® Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (hcw18bda) -- C:\Windows\System32\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9C78CC89-4D44-467E-9FED-43E4F41598BD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{AD7F031B-1E37-4441-B0B7-2D53C0F148FA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{02BF8049-74E2-469F-9F5D-C0361F912E27}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{27A57C1C-EE9B-81EC-BDC1-8EA138781FE4}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z014&form=ZGAIDF
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC&rlz=1I7_____en
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{9C78CC89-4D44-467E-9FED-43E4F41598BD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{AD7F031B-1E37-4441-B0B7-2D53C0F148FA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121252,6902,0,63,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121252,16900,0,63,0"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.664
FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: taahenxxmj%40taahenxxmj.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121252,6902,0,63,0&p="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/04 22:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/12/11 06:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 21:32:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/07 21:32:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007/08/14 05:40:36 | 000,000,000 | ---D | M]

[2010/02/20 11:42:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/01/29 16:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions
[2012/12/27 10:44:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/11 19:57:50 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\LogMeInClient@logmein.com
[2011/04/04 22:22:33 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\support@ancestry.com
[2012/09/19 21:12:26 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\amznUWL2@amazon.com.xpi
[2008/01/18 23:49:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\taahenxxmj@taahenxxmj.org.xpi
[2010/12/05 04:18:21 | 000,001,919 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\searchplugins\bing-zugo.xml
[2013/02/07 21:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/04 21:33:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/02/07 21:32:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/09 21:51:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 11:47:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\
CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2013/02/04 20:54:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-3115292585-132024008-615525151-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol.com/mce/new/ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://eserver.solcominc.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2350491D-60ED-45BD-9443-8EF8116A8580}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 18:27:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/24 11:54:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/12 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Doctor Web
[2013/02/07 21:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/07 20:58:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\mbar
[2013/02/06 22:13:31 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/02/04 20:57:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/04 20:57:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2013/02/04 20:56:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/04 20:39:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/04 20:39:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/04 20:39:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/04 20:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/02/04 20:36:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/04 20:35:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/04 20:33:29 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/02/03 23:36:14 | 000,000,000 | ---D | C] -- C:\found.000
[2013/02/03 17:22:33 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/29 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/01/27 12:19:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/01/27 12:08:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Put back on desktop before running contents

========== Files - Modified Within 30 Days ==========

[2013/02/24 11:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/24 11:49:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/24 11:46:03 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 11:46:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/24 11:46:01 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/02/24 11:46:01 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/02/12 21:53:40 | 000,762,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/12 21:53:40 | 000,166,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/12 21:49:41 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/02/12 21:47:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 21:01:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 20:58:18 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/02/12 20:26:18 | 111,230,896 | ---- | M] () -- C:\Users\Owner\Desktop\drweb-cureit.exe
[2013/02/12 20:11:45 | 214,769,541 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/06 22:35:32 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 22:12:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2013/02/04 20:54:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/04 20:33:40 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2013/02/03 15:16:24 | 000,355,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/29 17:09:41 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:04:12 | 000,768,512 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/29 16:46:43 | 000,580,235 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/29 16:12:04 | 000,881,914 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/01/27 12:19:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/01/26 19:02:32 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2013/01/26 13:55:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

========== Files Created - No Company Name ==========

[2013/02/12 20:20:54 | 111,230,896 | ---- | C] () -- C:\Users\Owner\Desktop\drweb-cureit.exe
[2013/02/04 20:39:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/04 20:39:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/04 20:39:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/04 20:39:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/04 20:39:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 17:05:43 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:04:12 | 000,768,512 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/29 16:46:43 | 000,580,235 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/29 16:12:04 | 000,881,914 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2012/12/22 08:29:53 | 000,000,055 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan
[2012/12/22 08:08:19 | 000,019,240 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/22 08:08:19 | 000,019,240 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/16 10:41:46 | 000,751,078 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\1.bmp
[2012/12/16 10:41:34 | 000,018,252 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\sound.mp3
[2012/12/16 10:41:28 | 000,114,890 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\1.jpg
[2012/08/30 05:22:34 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/04/04 21:45:32 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~40492808r
[2011/04/04 21:45:32 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~40492808
[2011/02/26 20:26:10 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/08/17 23:02:02 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  2. I'm sorry, maybe I've been absent long enough that the version of Dr. Web CureIt! is different now? I didn't find a scan tab so I wasn't able to do anything with Heuristic Analysis. I was also unable to find a place to select to save a report. I did run it twice and it didn't find anything.
  3. I ran the Malwarebytes Anti-Rootkit twice and fixdamage once. Both times, the Anti-Rootkit identified no threats. When booted in normal mode, the PC still locks up shortly after the PC comes up.
  4. TDSSKiller ran for 1:16, showed a finish of 3:17, processed 357 objects, found 12 threats and then the computer locked up.
  5. ComboFix 13-02-03.03 - Owner 02/04/2013 20:42:11.1.4 - x86 NETWORK Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2492 [GMT -6:00] Running from: c:\users\Owner\Desktop\ComboFix.exe AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . /wow section - STAGE 48 SED: can't read CuRun.dmp: No such file or directory SED: can't read CuRun.dmp: No such file or directory SED: can't read CuRun.dmp: No such file or directory SED: can't read CuRun.dmp: No such file or directory . /wow section - STAGE 50 . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\40492808 . . ((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 ))))))))))))))))))))))))))))))) . . 2013-02-05 02:53 . 2013-02-05 02:54 -------- d-----w- c:\users\Owner\AppData\Local\temp 2013-02-05 02:53 . 2013-02-05 02:53 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2013-02-05 02:53 . 2013-02-05 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-04 05:36 . 2013-02-04 05:36 -------- d-----w- C:\found.000 2013-02-03 23:22 . 2013-02-03 23:22 -------- d-----w- C:\FRST 2013-01-29 23:05 . 2013-01-29 23:09 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2013-01-28 02:50 . 2013-01-28 02:50 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-01-09 19:05 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 19:05 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-09 19:05 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 07:01 . 
2012-04-13 08:38 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 07:01 . 2011-06-16 09:08 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 13:12 . 2012-12-21 09:00 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 09:00 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 22:49 . 2012-07-03 07:51 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-14 02:09 . 2012-12-13 09:18 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 01:58 . 2012-12-13 09:18 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 01:57 . 2012-12-13 09:18 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 01:49 . 2012-12-13 09:18 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 01:48 . 2012-12-13 09:18 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 01:44 . 2012-12-13 09:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-13 01:29 . 2012-12-13 03:27 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-08 13:46 . 2012-12-08 13:46 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Windows Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-05 68856] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912] "SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-28 68592] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] . c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] FactoryMode [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . R2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0;ABBYY.Licensing.FineReader.ScreenshotReader.9.0;c:\program files\ABBYY Screenshot Reader\NetworkLicenseServer.exe [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ECACHE . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-22 22:26 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 07:01] . 2013-01-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-05 19:07] . 
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 05:20] . 2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-18 05:20] . 2013-01-27 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-05-25 18:56] . 2013-02-05 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files\Uniblue\SpeedUpMyPC\sump.exe [2012-08-05 01:44] . 2013-02-05 c:\windows\Tasks\spmonitor.job - c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-08-05 01:44] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} - hxxp://mvod.web.aol.com/mce/new/ServiceMgr.CAB FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121252,16900,0,63,0 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121252,6902,0,63,0&p= FF - ExtSQL: 2012-12-11 06:16; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension FF - ExtSQL: 2012-12-25 17:01; addon@defaulttab.com; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\addon@defaulttab.com.xpi . - - - - ORPHANS REMOVED - - - - . 
SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-04 20:54 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2013-02-04 20:57:10 ComboFix-quarantined-files.txt 2013-02-05 02:56 . Pre-Run: 135,714,922,496 bytes free Post-Run: 139,081,523,200 bytes free . - - End Of File - - 64902706B8775CE451538C6F0B569B11 It still locks up in normal mode.
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 2013-02-03 23:47:13 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default value was restored successfully .
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}] should be deleted in normal mode (if present).
C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029 moved successfully.
C:\$Recycle.Bin\S-1-5-21-3115292585-132024008-615525151-1001\$79b005e273268a47eca5cdb3a313f029 moved successfully.
C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029 not found.
C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029} moved successfully.
==== End of Fixlog ====

When I booted in normal mode, it locked up, meaning the screen froze shortly after displaying the desktop.
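Added example (not part of stillsleepin's posts, and not FRST, OTL or ComboFix code): a small Python scanner that pulls the ZeroAccess-style indicators visible in the fix log above, and in the FRST scan log further down the thread, out of pasted log text. It looks for the hidden `$Recycle.Bin\<SID>\$<32 hex>` and `%LOCALAPPDATA%\{GUID}` stores with their `L` and `U` subfolders, a COM `InprocServer32` default reduced to a bare file name (the `fastprox.dll` entry FRST marked with ATTENTION), and a `CurrentVersion\Windows` `Load` value that points into a Temp folder. The regexes, the `Indicator` type and the sample log are the author's own constructions: the sample is assembled from lines on this page plus one constructed benign `InprocServer32` line, the `[Default-<name>] <value>` layout is assumed to be how FRST prints that entry, and the reading of `L`/`U` as module and update folders is an assumption, not something the logs state.

```python
"""Flag ZeroAccess-style persistence indicators in FRST-format log text.

Example code added to this thread; it is not FRST/OTL/ComboFix logic, and the
patterns below are the author's reading of the indicators those tools print.
"""
import re
from dataclasses import dataclass

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Hidden component stores: <drive>:\$Recycle.Bin\<SID>\$<32 hex> and
# <drive>:\Users\<user>\AppData\Local\{GUID}, each with L and U subfolders.
# (Assumption: L = downloaded modules, U = updates; the logs only show names.)
RECYCLE_STORE = re.compile(
    r"^(?P<store>[a-z]:\\\$Recycle\.Bin\\S-1-5-[0-9-]+\\\$[0-9a-f]{32})"
    r"(?:\\(?P<sub>[LU])\b.*)?$",
    re.IGNORECASE,
)
APPDATA_STORE = re.compile(
    r"^(?P<store>[a-z]:\\Users\\[^\\]+\\AppData\\Local\\" + GUID + r")"
    r"(?:\\(?P<sub>[LU])\b.*)?$",
    re.IGNORECASE,
)
# FRST prints a CLSID default as "...\InprocServer32: [Default-<name>] <value>"
# (assumed layout, taken from the one such line on this page).
INPROC = re.compile(r"InprocServer32:\s*\[(?P<tag>[^\]]+)\]\s*(?P<value>\S+)", re.IGNORECASE)
# HKU\<user>\...\CurrentVersion\Windows: [Load] <path>; the Load value runs a
# program at logon, and a target under a Temp directory is a classic red flag.
# (\S+ stops at the first space, so paths containing spaces would be cut short.)
LOAD = re.compile(r"CurrentVersion\\Windows:\s*\[Load\]\s*(?P<path>\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Indicator:
    kind: str    # recycle_bin_store | appdata_guid_store | com_inproc_hijack | load_from_temp
    detail: str  # store root, "tag -> value", or the Load target


def _is_qualified(value: str) -> bool:
    """True if a registry image path is absolute or starts with an env var."""
    return value.startswith("%") or re.match(r"^[a-z]:\\", value, re.IGNORECASE) is not None


def _suspicious_image(value: str) -> bool:
    """A bare file name (resolved by DLL search order) or a DLL inside a store."""
    if not _is_qualified(value):
        return True
    return re.search(r"\\\$Recycle\.Bin\\|\\" + GUID + r"\\", value, re.IGNORECASE) is not None


def scan_log(text: str) -> list[Indicator]:
    """Return the distinct indicators found in FRST-style log text, in order."""
    found: list[Indicator] = []
    seen: set[Indicator] = set()

    def add(kind: str, detail: str) -> None:
        ind = Indicator(kind, detail)
        if ind not in seen:
            seen.add(ind)
            found.append(ind)

    for raw in text.splitlines():
        # FRST prefixes a store root with "ZeroAccess: "; strip it so the
        # path regexes see the path alone.
        line = re.sub(r"^ZeroAccess:\s*", "", raw.strip(), flags=re.IGNORECASE)
        for kind, rx in (("recycle_bin_store", RECYCLE_STORE), ("appdata_guid_store", APPDATA_STORE)):
            m = rx.match(line)
            if m:
                add(kind, m.group("store").lower())  # root, L and U collapse to one entry
        m = INPROC.search(line)
        if m and _suspicious_image(m.group("value")):
            add("com_inproc_hijack", f"{m.group('tag')} -> {m.group('value')}")
        m = LOAD.search(line)
        if m and re.search(r"\\temp\\", m.group("path"), re.IGNORECASE):
            add("load_from_temp", m.group("path"))
    return found


# Constructed sample: lines copied from the logs in this thread, plus one
# benign InprocServer32 line made up to show a fully qualified path is ignored.
SAMPLE_LOG = r"""
HKLM\...\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe" [65536 2006-09-28] (Hewlett-Packard Company)
HKU\Owner\...\CurrentVersion\Windows: [Load] C:\Users\Owner\LOCALS~1\Temp\msezucw.com
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKLM\...\InprocServer32: [Default-shell32] %SystemRoot%\system32\shell32.dll
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029
C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\L
C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\U
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3115292585-132024008-615525151-1001\$79b005e273268a47eca5cdb3a313f029
ZeroAccess: C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}
C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L\00000004.@
C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 19:27] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation)
"""

if __name__ == "__main__":
    for ind in scan_log(SAMPLE_LOG):
        print(f"{ind.kind:20} {ind.detail}")
```

Run it against a saved FRST.txt (`scan_log(open("FRST.txt", encoding="utf-8", errors="replace").read())`) to get the same four kinds of hit that FRST marked on this machine without re-reading the whole log by eye. The store paths are lowercased and deduplicated so the root, `L` and `U` lines count once; the benign `%SystemRoot%` line is deliberately not reported, which is the check that keeps the rule from firing on every normal CLSID.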
  7. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02 Ran by SYSTEM at 03-02-2013 15:22:39 Running from G:\ Windows Vista Home Premium (X86) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe" [65536 2006-09-28] (Hewlett-Packard Company) HKLM\...\Run: [KBD] "C:\HP\KBD\KbdStub.EXE" [65536 2006-12-08] () HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro) HKLM\...\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [151552 2006-11-15] (Intel Corporation) HKLM\...\Run: [RtHDVCpl] "RtHDVCpl.exe" [x] HKLM\...\Run: [snapfishMediaDetector] "C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [1441792 2007-03-02] () HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.) HKLM\...\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart [90191 2007-03-12] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup [7770112 2007-03-12] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-03-12] (NVIDIA Corporation) HKLM\...\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [68592 2009-06-28] (Google Inc.) HKLM\...\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL "" [1111568 2011-10-08] (Trend Micro Inc.) 
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [116752 2011-02-10] (Trend Micro Inc.) HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM\...\Run: [] [x] HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-12] (Hewlett-Packard) HKU\Default\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation) HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1773568 2007-03-12] (Hewlett-Packard) HKU\Default User\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation) HKU\IUSR_NMPR\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation) HKU\Owner\...\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun [1233920 2009-04-10] (Microsoft Corporation) HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation) HKU\Owner\...\Run: [Windows Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1233920 2009-04-10] (Microsoft Corporation) HKU\Owner\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2007-08-05] (Google Inc.) 
HKU\Owner\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation) HKU\Owner\...\CurrentVersion\Windows: [Load] C:\Users\Owner\LOCALS~1\Temp\msezucw.com HKLM\...\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe [44168 2007-03-07] (soft thinks) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish Media Detector.lnk ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe () Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) =================== 2 ABBYY.Licensing.FineReader.ScreenshotReader.9.0; "C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY) 2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
3 AlertService; "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" [188416 2006-09-11] (Intel® Corporation) 2 DQLWinService; "C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [208896 2006-09-03] () 2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] () 2 FlipShareServer; "C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] () 2 IntelDHSvcConf; "C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [29696 2006-05-10] (Intel® Corporation) 3 ISSM; "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" [75264 2006-09-11] (Intel® Corporation) 3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] () 2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation) 2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation) 3 MCLServiceATL; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" [167936 2006-09-11] (Intel® Corporation) 2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [43028328 2011-09-22] (Microsoft Corporation) 4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-31] (Microsoft Corporation) 3 Remote UI Service; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" [544256 2006-09-11] (Intel® Corporation) 4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [370024 2011-09-22] (Microsoft Corporation) 2 wscsvc; "C:\Windows\system32\wscsvc.dll" [61440 2009-04-10] (Microsoft Corporation) 2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb 
-dt=60000 [x] 2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x] 3 RoxMediaDB9; "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x] 3 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x] ==================== Drivers (Whitelisted) ==================== 3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [391168 2009-03-19] (Hauppauge Computer Works, Inc) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation) 3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-01-27] (Malwarebytes Corporation) 2 MCSTRM; C:\Windows\System32\Drivers\MCSTRM.sys [8413 2007-09-08] (RealNetworks, Inc.) 4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation) 3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com)) 2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [80464 2011-08-01] (Trend Micro Inc.) 2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [189520 2011-08-01] (Trend Micro Inc.) 2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64080 2011-08-01] (Trend Micro Inc.) 1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92112 2011-08-01] (Trend Micro Inc.) 
3 TrueSight; \??\C:\Windows\system32\drivers\TrueSight.sys [15616 2013-01-29] () 4 blbdrive; [x] 3 IpInIp; [x] 3 NwlnkFlt; [x] 3 NwlnkFwd; [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-01-29 18:28 - 2013-01-29 18:28 - 00056398 ____A C:\Users\Owner\Desktop\Extras.Txt 2013-01-29 18:26 - 2013-01-29 18:26 - 00078406 ____A C:\Users\Owner\Desktop\OTL.Txt 2013-01-29 18:13 - 2013-01-29 18:13 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe 2013-01-29 15:05 - 2013-01-29 15:09 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys 2013-01-29 15:05 - 2013-01-29 15:09 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine 2013-01-29 15:04 - 2013-01-29 15:04 - 00768512 ____A C:\Users\Owner\Desktop\RogueKiller.exe 2013-01-29 14:48 - 2013-01-29 14:48 - 00012558 ____A C:\AdwCleaner[s1].txt 2013-01-29 14:46 - 2013-01-29 14:46 - 00580235 ____A C:\Users\Owner\Desktop\adwcleaner.exe 2013-01-29 14:12 - 2013-01-29 14:12 - 00881914 ____A C:\Users\Owner\Desktop\SecurityCheck.exe 2013-01-27 18:50 - 2013-01-27 18:50 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-01-27 18:34 - 2013-01-27 18:34 - 00000000 ____A C:\Users\Owner\Desktop\New Text Document.txt 2013-01-27 10:26 - 2013-01-27 10:26 - 00016547 ____A C:\Users\Owner\Desktop\attach.txt 2013-01-27 10:26 - 2013-01-27 10:26 - 00014402 ____A C:\Users\Owner\Desktop\dds.txt 2013-01-27 10:19 - 2013-01-27 10:19 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com 2013-01-27 10:08 - 2013-01-27 10:11 - 00000000 ____D C:\Users\Owner\Desktop\Put back on desktop before running contents 2013-01-09 11:05 - 2012-11-22 17:35 - 02048000 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-01-09 11:05 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll 2013-01-09 11:05 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) 
C:\Windows\System32\ncrypt.dll 2013-01-09 11:05 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll ==================== One Month Modified Files and Folders ======== 2013-02-03 15:22 - 2013-02-03 15:22 - 00000000 ____D C:\FRST 2013-02-03 13:16 - 2006-11-02 04:47 - 00355072 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-03 13:13 - 2009-12-17 21:20 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-03 13:13 - 2007-05-24 16:40 - 00000000 ____D C:\Windows\SMINST 2013-02-03 13:12 - 2012-12-07 08:56 - 00000324 ____A C:\Windows\Tasks\spmonitor.job 2013-02-03 13:12 - 2012-08-05 12:32 - 00000270 ____A C:\Windows\Tasks\SpeedUpMyPC.job 2013-02-03 13:12 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-03 13:12 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-03 13:12 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-01-29 18:28 - 2013-01-29 18:28 - 00056398 ____A C:\Users\Owner\Desktop\Extras.Txt 2013-01-29 18:26 - 2013-01-29 18:26 - 00078406 ____A C:\Users\Owner\Desktop\OTL.Txt 2013-01-29 18:13 - 2013-01-29 18:13 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe 2013-01-29 15:09 - 2013-01-29 15:05 - 00015616 ____A C:\Windows\System32\Drivers\TrueSight.sys 2013-01-29 15:09 - 2013-01-29 15:05 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine 2013-01-29 15:04 - 2013-01-29 15:04 - 00768512 ____A C:\Users\Owner\Desktop\RogueKiller.exe 2013-01-29 14:48 - 2013-01-29 14:48 - 00012558 ____A C:\AdwCleaner[s1].txt 2013-01-29 14:46 - 2013-01-29 14:46 - 00580235 ____A C:\Users\Owner\Desktop\adwcleaner.exe 2013-01-29 14:12 - 2013-01-29 14:12 - 00881914 ____A C:\Users\Owner\Desktop\SecurityCheck.exe 2013-01-27 19:01 - 2012-04-13 00:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-01-27 
18:59 - 2006-11-02 04:37 - 00000000 __RHD C:\Users\Public\Recorded TV 2013-01-27 18:53 - 2007-06-08 20:04 - 01908711 ____A C:\Windows\WindowsUpdate.log 2013-01-27 18:50 - 2013-01-27 18:50 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys 2013-01-27 18:42 - 2007-08-05 14:32 - 00000000 ____D C:\Users\Owner\Local Settings\Google 2013-01-27 18:42 - 2007-08-05 14:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Google 2013-01-27 18:42 - 2007-08-05 14:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Google 2013-01-27 18:34 - 2013-01-27 18:34 - 00000000 ____A C:\Users\Owner\Desktop\New Text Document.txt 2013-01-27 10:41 - 2012-12-08 05:46 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-01-27 10:26 - 2013-01-27 10:26 - 00016547 ____A C:\Users\Owner\Desktop\attach.txt 2013-01-27 10:26 - 2013-01-27 10:26 - 00014402 ____A C:\Users\Owner\Desktop\dds.txt 2013-01-27 10:19 - 2013-01-27 10:19 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com 2013-01-27 10:11 - 2013-01-27 10:08 - 00000000 ____D C:\Users\Owner\Desktop\Put back on desktop before running contents 2013-01-27 09:40 - 2006-11-02 05:01 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-01-26 19:39 - 2009-12-17 21:20 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-01-26 17:02 - 2012-07-30 05:23 - 00000322 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job 2013-01-26 11:55 - 2009-03-24 21:18 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job 2013-01-19 02:03 - 2007-05-24 16:42 - 01666596 ____A C:\Windows\PFRO.log 2013-01-13 06:19 - 2009-05-10 05:20 - 00000400 ____A C:\Windows\Tasks\EasyShare Registration Task.job 2013-01-13 01:13 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-01-13 01:02 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-01-12 16:25 - 2007-05-24 16:30 - 00000000 ____D C:\Windows\PCHEALTH 2013-01-10 01:36 - 2006-11-02 02:33 - 00929830 ____A 
C:\Windows\System32\PerfStringBackup.INI 2013-01-10 01:07 - 2007-05-24 16:29 - 00000000 ____D C:\Users\All Users\Microsoft Help 2013-01-10 01:07 - 2007-05-24 16:29 - 00000000 ____D C:\Users\All Users\Application Data\Microsoft Help 2013-01-08 23:01 - 2012-04-13 00:38 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-01-08 23:01 - 2011-06-16 01:08 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029 C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\L C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\U ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3115292585-132024008-615525151-1001\$79b005e273268a47eca5cdb3a313f029 C:\$Recycle.Bin\S-1-5-21-3115292585-132024008-615525151-1001\$79b005e273268a47eca5cdb3a313f029\L C:\$Recycle.Bin\S-1-5-21-3115292585-132024008-615525151-1001\$79b005e273268a47eca5cdb3a313f029\U ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029 ZeroAccess: C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029} C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\U C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L\00000004.@ C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L\55490ac4 ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2012-12-12 19:27] - [2012-08-21 03:47] - 0224640 ____A (Microsoft Corporation) 
786DB5771F05EF300390399F626BF30A ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 3069.88 MB Available physical RAM: 2545.58 MB Total Pagefile: 2775.16 MB Available Pagefile: 2626.31 MB Total Virtual: 2047.88 MB Available Virtual: 1975.51 MB ==================== Partitions ============================= 1 Drive c: (HP) (Fixed) (Total:289.16 GB) (Free:124.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 2 Drive d: (Recovery) (Fixed) (Total:8.92 GB) (Free:0.72 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive e: (HP_PAVILION) (Fixed) (Total:298.09 GB) (Free:68.65 GB) NTFS 5 Drive g: (KINGSTON) (Removable) (Total:14.53 GB) (Free:14.43 GB) FAT32 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 298 GB 1528 KB Disk 1 Online 298 GB 1528 KB Disk 2 Online 15 GB 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== ACTIVE - Mark the selected basic partition as active. ADD - Add a mirror to a simple volume. ASSIGN - Assign a drive letter or mount point to the selected volume. ATTRIBUTES - Manipulate volume attributes. AUTOMOUNT - Enable and disable automatic mounting of basic volumes. BREAK - Break a mirror set. CLEAN - Clear the configuration information, or all information, off the disk. CONVERT - Convert between different disk formats. CREATE - Create a volume or partition. DELETE - Delete an object. DETAIL - Provide details about an object. EXIT - Exit DiskPart. EXTEND - Extend a volume. 
FILESYSTEMS - Display current and supported file systems on the volume. FORMAT - Format the volume or partition. GPT - Assign attributes to the selected GPT partition. HELP - Display a list of commands. IMPORT - Import a disk group. INACTIVE - Mark the selected basic partition as inactive. LIST - Display a list of objects. ONLINE - Online a disk that is currently marked as offline. REM - Does nothing. This is used to comment scripts. REMOVE - Remove a drive letter or mount point assignment. REPAIR - Repair a RAID-5 volume with a failed member. RESCAN - Rescan the computer looking for disks and volumes. RETAIN - Place a retained partition under a simple volume. SELECT - Shift the focus to an object. SETID - Change the partition type. SHRINK - Reduce the size of the selected volume.
========================================================= Partitions of Disk 1: ===============
========================================================= Partitions of Disk 2: ===============
========================================================= Last Boot: 2013-02-03 03:35 ==================== End Of Log ============================ Farbar Recovery Scan Tool (x86) Version: 02-02-2013 02 Ran by SYSTEM at 2013-02-03 15:50:31 Running from G:\ ================== Search: "services.exe" ===================
  8. OTL logfile created on: 1/29/2013 8:15:58 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 84.32% Memory free 8.90 Gb Paging File | 8.66 Gb Available in Paging File | 97.35% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070E:\pagef [binary data over 200 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 289.16 Gb Total Space | 125.08 Gb Free Space | 43.26% Space Free | Partition Type: NTFS Drive D: | 8.92 Gb Total Space | 0.81 Gb Free Space | 9.12% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 68.65 Gb Free Space | 23.03% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. 
Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe () SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe () SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) -- C:\Program Files\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel® Corporation) SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel® Corporation) SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel® Corporation) SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel® Corporation) SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe () SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe () SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel® Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- File not found DRV - (NwlnkFlt) -- File not found DRV - (IpInIp) -- File not found DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys () DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (RsFx0105) -- C:\Windows\System32\drivers\RsFx0105.sys (Microsoft Corporation) DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.) 
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (hcw18bda) -- C:\Windows\System32\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc) DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (MCSTRM) -- C:\Windows\System32\drivers\mcstrm.sys (RealNetworks, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9C78CC89-4D44-467E-9FED-43E4F41598BD}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKLM\..\SearchScopes\{AD7F031B-1E37-4441-B0B7-2D53C0F148FA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKLM\..\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 IE - 
HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ig?hl=enhtt [binary data over 200 bytes] IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{02BF8049-74E2-469F-9F5D-C0361F912E27}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms} IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{27A57C1C-EE9B-81EC-BDC1-8EA138781FE4}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z014&form=ZGAIDF IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{9C78CC89-4D44-467E-9FED-43E4F41598BD}: 
"URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{AD7F031B-1E37-4441-B0B7-2D53C0F148FA}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..\SearchScopes\{BA03F9B3-E0AA-409B-9357-5AA0C124EEC8}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7 IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3115292585-132024008-615525151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121252,6902,0,63,0" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,205,0_0,StartPage,20121252,16900,0,63,0" FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.664 FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1 FF - prefs.js..extensions.enabledAddons: taahenxxmj%40taahenxxmj.org:2.5 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2 FF - prefs.js..extensions.enabledItems: amznUWL2@amazon.com:1.4 FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=w3i&type=W3i_DS,157,0_0,Search,20121252,6902,0,63,0&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/04 22:22:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/12/11 06:16:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 07:46:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 07:46:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{57E72829-C158-4341-BBED-58F0AD1740FD}: C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007/08/14 05:40:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/08 07:46:25 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/08 07:46:18 | 000,000,000 | ---D | M] [2010/02/20 11:42:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions [2013/01/29 16:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions [2012/12/27 10:44:20 | 
000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/07/11 19:57:50 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\LogMeInClient@logmein.com [2011/04/04 22:22:33 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\support@ancestry.com [2012/09/19 21:12:26 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\amznUWL2@amazon.com.xpi [2008/01/18 23:49:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\taahenxxmj@taahenxxmj.org.xpi [2010/12/05 04:18:21 | 000,001,919 | -H-- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\searchplugins\bing-zugo.xml [2012/12/08 07:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YMH3S2LZ.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM.XPI [2009/07/04 21:33:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/12/08 07:46:24 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/09/09 21:51:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/14 11:47:33 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - 
default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1\ CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ O1 HOSTS File: ([2011/08/01 19:28:26 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.goodhockey.com O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) 
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe ()
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
F3 - HKU\S-1-5-21-3115292585-132024008-615525151-1001 WinNT: Load - (C:\Users\Owner\LOCALS~1\Temp\msezucw.com) - File not found
O7 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3115292585-132024008-615525151-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} http://mvod.web.aol.com/mce/new/ServiceMgr.CAB (ZtServiceManager Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://eserver.solcominc.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2350491D-60ED-45BD-9443-8EF8116A8580}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/24 18:27:07 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3bcdd59e-3f9e-11dc-83fd-001bfc5237f9}\Shell\AutoRun\command - "" = K:\mri.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 20:13:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/29 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/01/27 20:50:17 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/27 12:19:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/01/27 12:08:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Put back on desktop before running contents
[2013/01/09 13:05:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 13:05:03 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2013/01/29 20:13:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/29 17:09:41 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:04:12 | 000,768,512 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/29 16:54:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 16:50:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/29 16:50:25 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013/01/29 16:50:25 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013/01/29 16:50:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 16:50:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 16:46:43 | 000,580,235 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/29 16:12:04 | 000,881,914 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/01/27 21:01:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 20:50:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/27 12:19:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2013/01/26 21:39:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 19:02:32 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2013/01/26 13:55:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/19 04:06:58 | 000,001,997 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/13 08:19:00 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2013/01/10 03:36:20 | 000,762,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/10 03:36:20 | 000,166,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/10 03:29:23 | 000,355,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 01:01:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 01:01:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/01/29 17:05:43 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:04:12 | 000,768,512 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/29 16:46:43 | 000,580,235 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/29 16:12:04 | 000,881,914 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2012/12/22 08:29:53 | 000,000,055 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan
[2012/12/22 08:08:19 | 000,019,240 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/22 08:08:19 | 000,019,240 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/16 10:41:46 | 000,751,078 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\1.bmp
[2012/12/16 10:41:34 | 000,018,252 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\sound.mp3
[2012/12/16 10:41:28 | 000,114,890 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\1.jpg
[2012/08/30 05:22:34 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2011/04/04 21:45:32 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~40492808r
[2011/04/04 21:45:32 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~40492808
[2011/04/04 21:45:28 | 000,000,336 | -H-- | C] () -- C:\ProgramData\40492808
[2011/02/26 20:26:10 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2011/02/21 20:37:57 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2007/08/17 23:02:02 | 000,015,360 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/07/02 20:42:51 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L
[2012/07/07 11:01:39 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\U
[2012/07/03 01:58:02 | 000,000,804 | ---- | M] () -- C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L\00000004.@
[2012/08/28 20:59:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\L
[2012/08/28 20:59:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\U
[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
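The OTL report above is the raw material a responder reads by hand. The script below is an added example for this thread, not part of the original post and not OTL's or Malwarebytes' code. It parses the three line formats that matter in this report (the O-prefixed autostart entries, the bracketed file/folder entries, and the registry key headers of the ZeroAccess Check) and flags the items a responder would act on first: the WinNT Load value in the 1001 user's hive pointing at a vanished Temp file (the value behind Malwarebytes' PUM.UserWLoad detection), the MountPoints2 AutoRun command, the hidden+system files with random names under ProgramData and AppData, and the ZeroAccess footprint OTL's own check lists (hidden {GUID}\L and \U folders, their $Recycle.Bin\S-1-5-18\$<hex> twins, and per-user InProcServer32 keys for two shell CLSIDs). The sample lines are excerpted from the report; the rule names, severities, the 30-character "random name" threshold and the stock Winlogon values it compares against are assumptions of this example.

```python
"""Triage helper for an OTL (OldTimer's OTL) report pasted as text.

Added example for this thread; not part of the original post and not OTL's
own code. Rule names, severities and thresholds are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines excerpted from the OTL report in this thread.
SAMPLE = r"""
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
F3 - HKU\S-1-5-21-3115292585-132024008-615525151-1001 WinNT: Load - (C:\Users\Owner\LOCALS~1\Temp\msezucw.com) - File not found
O33 - MountPoints2\{3bcdd59e-3f9e-11dc-83fd-001bfc5237f9}\Shell\AutoRun\command - "" = K:\mri.exe
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
[2012/12/22 08:08:19 | 000,019,240 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/07/02 20:42:51 | 000,000,000 | -HSD | M] -- C:\Users\Owner\AppData\Local\{79b005e2-7326-8a47-eca5-cdb3a313f029}\L
[2012/08/28 20:59:38 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$79b005e273268a47eca5cdb3a313f029\U
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"""

AUTOSTART_RE = re.compile(r"^(?P<kind>O4|O20|O33|F3) - (?P<body>.+)$")
# [date time | size | attrs | C/M] (company) -- path ; the (company) part is absent for directories
FILE_RE = re.compile(
    r"^\[[^|]+\|[^|]+\|\s*(?P<attrs>[-A-Z]{4})\s*\|\s*[CM]\]\s*(?:\([^)]*\))?\s*--\s*(?P<path>.+)$"
)
HKCU_CLSID_RE = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\(?P<clsid>\{[0-9a-f-]{36}\})\\InProcServer32\]$",
    re.I,
)
# ZeroAccess user-mode footprint as OTL's check lists it: a hidden {GUID}\U or \L directory,
# or the $<32 hex>\U or \L twin under the SYSTEM account's recycle bin.
ZA_DIR_RE = re.compile(
    r"\\(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}|\$[0-9a-f]{32})\\[LU]$", re.I
)
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{30,}$")  # threshold is an assumption
# Assumed stock Winlogon values for a 32-bit Vista install.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    rule: str
    line: str


def check_autostart(kind: str, body: str, line: str) -> list[Finding]:
    out: list[Finding] = []
    if body.endswith("File not found"):
        # The value outlived its target: leftover persistence that still fires at logon.
        out.append(Finding("medium", "autostart target missing", line))
    if kind == "F3" and "WinNT: Load" in body:
        # HKCU\...\Windows NT\CurrentVersion\Windows\Load is rarely set by legitimate software.
        out.append(Finding("high", "Windows NT 'Load' value set", line))
    if re.search(r"\\Temp\\", body, re.I):
        out.append(Finding("high", "autostart target in a Temp directory", line))
    if kind == "O33" and "AutoRun\\command" in body:
        out.append(Finding("high", "removable-drive AutoRun command", line))
    if kind == "O20":
        m = re.match(r"HKLM Winlogon: (\w+) - \(([^)]*)\)", body)
        if m:
            key, value = m[1].lower(), m[2].strip().rstrip(",").lower()
            if key in WINLOGON_EXPECTED and value != WINLOGON_EXPECTED[key]:
                out.append(Finding("high", f"Winlogon {m[1]} value changed", line))
    return out


def check_file(attrs: str, path: str, line: str) -> list[Finding]:
    out: list[Finding] = []
    hidden_system = "H" in attrs and "S" in attrs
    if hidden_system and ZA_DIR_RE.search(path):
        out.append(Finding("high", "ZeroAccess-style hidden U/L directory", line))
    name = path.rsplit("\\", 1)[-1]
    if hidden_system and "D" not in attrs and RANDOM_NAME_RE.match(name):
        out.append(Finding("medium", "hidden+system file with random-looking name", line))
    return out


def triage(report: str) -> list[Finding]:
    """Run every rule over an OTL report and return the findings in report order."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := AUTOSTART_RE.match(line):
            findings.extend(check_autostart(m["kind"], m["body"], line))
        elif m := FILE_RE.match(line):
            findings.extend(check_file(m["attrs"], m["path"], line))
        elif m := HKCU_CLSID_RE.match(line):
            # HKCU\Software\Classes is merged over HKLM\Software\Classes for COM lookups, so a
            # per-user InProcServer32 for a shell CLSID is what that user's explorer.exe loads.
            findings.append(Finding("high", f"per-user COM InProcServer32 for {m['clsid']}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.rule}: {f.line[:90]}")
```

Feed it the whole saved report (`triage(open("OTL.txt").read())`) to get every flagged entry in one pass. Two points the output is meant to make visible: a "File not found" on a Load or Run value means the loader is gone but the value still runs at every logon and still has to be removed, and the per-user InProcServer32 keys are the reason OTL prints the HKCU and HKLM copies of those CLSIDs side by side, since the HKCU copy wins for that user.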
9. Hello, I have checkup.txt and the AdwCleaner[s1].txt below, but when I run RogueKiller from the desktop (as administrator) in safe mode, I get a message box that says "RogueKiller.exe has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." When I click on properties, both file version and program version are 8.4.3.0.

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Trend Micro Titanium Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 6 Update 31
Java 7 Update 5
Java 6 Update 2
Java 6 Update 3
Java 6 Update 7
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 17.0.1 Firefox out of Date!
Google Chrome 24.0.1312.52
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 16:48:20
# Updated 26/01/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\searchplugins\search-here.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\Roaming\DefaultTab
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\61e2e24fb6013e6b
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ymh3s2lz.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.2", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.bing.com/search?pc=Z014&form=ZGAAD[...]
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.bing.com", "1300512336");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.ebay.", "1297132777");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.google.", "1295317603");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.hrblock.com,.taxact.com,.taxactonline.com,tur[...]
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.msn.com", "1296521241");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.myspace.com", "1297132777");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.yahoo.com", "1296521241");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_.youtube.com", "1296521241");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_/", "1291544347");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_amazon.com,www.ebay.,livingsocial.com,groupon.[...]
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_dealsplugin.com", "1292548576");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_dealsplugin.com/", "1296176290");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_facebook.com", "1291544347");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_h", "1300936370");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_hxxp", "1295317603");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_hxxp://www.facebook.com/plugins/like.php?href=[...]
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_iqquizgame.com", "1295086173");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_iqquizgame.com/", "1296176290");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_mail.aol.com", "1297399537");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_play-ga.me", "1295317603");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_play-ga.me/", "1296176290");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_revealmycrush.com", "1291943485");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_revealmycrush.com/", "1296176290");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com", "1295086173");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1296003925");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_unlock-this.com/plugin", "1295575011");
Deleted : user_pref("extensions.crushcalc@gameplaylabs.com.rule_www.google.", "1294375232");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1300937578");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.bing.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.ebay.", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.google.", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.hrblock.com,.taxact.com,.taxactonline.com,turbo[...]
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.msn.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.myspace.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.yahoo.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_.youtube.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_mail.aol.com", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_theclickcheck.com", "1301008702");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1300937632");
Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1300937632");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [12427 octets] - [29/01/2013 16:48:20]

########## EOF - C:\AdwCleaner[s1].txt - [12488 octets] ##########
10. I'm sorry for the delay. Now my keyboard does not seem to want to work on the infected PC and that is preventing me from getting into safe mode. In normal mode, my PC locks up after a minute or two, so I need safe mode to get anything done. I tried rebooting (several times) and I replaced the batteries with fresh ones, but it still isn't working. Tomorrow I will buy a cheap keyboard that I can plug in and attempt to get back to safe mode with networking and then download and run the programs.
  11. Hello, I am infected with TrojanRansom and PUM.UserWLoad. Malwarebytes detects them but it does not seem to remove them. I've run Malwarebytes, selected to remove them, rebooted, run Malwarebytes again without doing anything else and they are detected again. I greatly appreciate any help you can give me. attach.txt dds.txt