Dell1737

  1. deltalima, Thanks so much for your help! before I found Malwarebytes I was just using the antivirus Scanners, as it turns out, the "Jennycam.us" virus was buried too deep for them to work, now I know these viruses can be removed without reformatting the whole HD and reinstalling everything like I used to do.... again thanks for everything, seems like a lot of work! I noticed the other Experts have paypal in their signatures, do you have a paypal email? Rich
  2. Hi deltalima,
  3. OTL.Txt Hi deltalima, looks like "Jennycam.us" is gone! it's great being able to access all Web Sites again and videos that weren't playing before are playing now, do you think there's still more malware on my comp? SystemLook 04.09.10 by jpshortstuff Log created at 03:04 on 09/05/2013 by Administrator Administrator - Elevation successful ========== regfind ========== Searching for "Jennycam.us" No data found. -= EOF =- Attached OTL.txt "Too Long"
  4. TDSSKiller Report.txt here's the Results from TDSSKiller, it found 3 "suspicious" files, Realtek is for my WIFI adapter that I use 24/7 so I hope we don't have to delete that one had to attach the Report "post too long" message
  5. actually, since the "Jennycam.us" virus I've been getting an error box "Invalid Database File" that just pops up once in a while? and it just popped up a few minutes ago so I'll run the TDSSKiller in case there is more malware
  6. ok.... I ran OTL with your code and now I can go to any site without being redirected to the "Jennycam.us" page! you really know your stuff, the computer is working great... should I still run TDSSKiller to look for more <Malware> or skip?
  7. I ran GMER again with "ADS" checked and got a little more data, I unchecked it the first time because it shut down Windows unexpectedly, ran no problem the second time running with "ADS" checked... hope this helps
  8. Here's the results of GMER: thanks again for your help
  9. ok. removed the programs you specified, don't know why they're still showing up in a few places? Ran OTL and I'll post those results now... going to run GMER and be back with results in a few,
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7\AOL.EXE (AOL Inc.)
O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CE62BF1-B672-4A6D-802E-4CB49D5343DA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A5F0E29-CD98-4B27-B1B0-8491E9616787}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1DE32-301C-4595-BD15-84AD4E594649}: DhcpNameServer = 172.26.38.1 172.26.38.2
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{228e0012-8c19-11e1-88e1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{228e0012-8c19-11e1-88e1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/08 14:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2013/05/08 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream
[2013/05/08 14:13:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/05/08 10:36:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2013/05/07 13:00:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Themes
[2013/05/07 03:42:45 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2013/05/07 03:16:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech
[2013/05/07 03:14:41 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll
[2013/05/07 03:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetPoint
[2013/05/07 03:14:40 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll
[2013/05/07 03:14:40 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll
[2013/05/07 03:14:40 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll
[2013/05/07 03:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013/05/07 03:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013/05/07 03:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\SetPoint
[2013/05/07 03:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2013/05/07 03:02:00 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys
[2013/05/07 03:01:59 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll
[2013/05/07 03:01:59 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll
[2013/05/07 03:01:59 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys
[2013/05/07 03:01:59 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys
[2013/05/07 03:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/05/07 02:41:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Dell Updates
[2013/05/07 00:16:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\PCMeter
[2013/05/04 22:41:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AOL
[2013/05/04 22:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2013/05/04 22:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2013/05/04 22:41:13 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2013/05/04 22:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2013/05/04 22:40:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2013/05/04 22:40:41 | 000,033,588 | ---- | C] (America Online, Inc.) -- C:\Windows\System32\drivers\wanatw4.sys
[2013/05/04 22:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2013/05/04 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL
[2013/05/04 22:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7
[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2013/05/04 22:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2013/05/03 18:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/05/03 18:43:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hotspot Shield
[2013/04/30 22:28:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2013/04/30 22:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/04/30 22:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/04/30 22:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/04/30 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/04/30 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/30 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/30 21:12:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/30 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/30 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs
[2013/04/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/25 10:54:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RealNetworks
[2013/04/25 10:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/04/25 10:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/04/25 10:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/04/25 10:53:12 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/04/25 10:53:04 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/04/25 10:53:04 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/04/25 10:53:03 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/04/25 10:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/04/25 10:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2013/04/25 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real
[2013/04/25 10:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/04/25 08:28:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Oracle
[2013/04/24 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Misc
[2013/04/24 20:28:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/04/24 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/04/24 20:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/24 20:26:58 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/04/24 20:26:58 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/04/24 20:26:57 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/04/24 20:26:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/24 20:26:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/24 20:26:55 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/24 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/04/24 20:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/04/24 12:25:44 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013/04/24 12:12:34 | 000,040,648 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013/04/23 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\aircrack-ng-1.1-win
[2013/04/22 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinZip
[2013/04/22 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\oclHashcat-plus-0.14
[2013/04/22 14:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2013/04/22 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CommView for WiFi
[2013/04/22 14:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi
[2013/04/22 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2013/04/22 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\crack-wi-fi-passwords-for-beginners
[2013/04/22 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WinZip
[2013/04/22 14:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/04/22 14:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/04/22 14:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/04/22 13:27:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SentryBay
[2013/04/22 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2013/04/22 13:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SentryBay
[2013/04/22 12:29:19 | 012,143,656 | ---- | C] (White Sky, Inc.) -- C:\Users\Administrator\Desktop\aolonepoint.exe
[2013/04/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SentryBay
[2013/04/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\SentryBay
[2013/04/21 18:35:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/04/18 11:04:50 | 000,163,840 | ---- | C] (America Online) -- C:\Windows\System32\jgdw400.dll
[2013/04/18 11:04:50 | 000,027,648 | ---- | C] (Johnson-Grace Company) -- C:\Windows\System32\jgpl400.dll
[2013/04/14 11:17:17 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/14 11:17:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/14 11:17:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/14 11:17:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/04/14 11:17:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/14 11:17:13 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/14 11:17:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/04/14 11:17:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/04/14 11:17:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/04/14 11:17:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/04/12 13:39:18 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/12 13:39:14 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/12 13:39:14 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/12 13:39:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

========== Files - Modified Within 30 Days ==========

[2013/05/08 14:31:22 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 14:31:22 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 14:29:42 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/08 14:29:42 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/08 14:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/08 14:25:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/08 14:25:29 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2013/05/08 14:24:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/05/08 14:23:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/08 14:23:55 | 2411,900,928 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/08 14:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3002901495-3278968862-1281311716-1000UA.job
[2013/05/08 14:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/08 14:13:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/05/08 14:08:55 | 000,377,856 | ---- | M] () -- C:\Users\Administrator\Desktop\p4gewi0o.exe
[2013/05/08 10:43:09 | 000,816,128 | ---- | M] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2013/05/08 10:36:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com
[2013/05/08 00:51:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/08 00:51:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/05/07 03:15:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2013/05/07 03:15:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2013/05/07 03:14:41 | 000,001,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
[2013/05/07 03:10:02 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2013/05/07 02:45:18 | 000,000,368 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Digital Clock_Settings.ini
[2013/05/07 02:13:52 | 000,000,578 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/05/07 00:53:31 | 000,000,263 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Battery Meter_Settings.ini
[2013/05/07 00:14:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3002901495-3278968862-1281311716-1000Core.job
[2013/05/04 22:41:27 | 000,001,103 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2013/05/04 22:41:26 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2013/05/04 22:30:56 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe
[2013/05/04 22:28:32 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2013/05/04 21:46:55 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/04 21:46:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/03 18:48:53 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/30 22:28:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/30 21:12:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 10:53:45 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/04/25 10:53:12 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/04/25 10:53:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/04/25 10:53:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/04/25 10:53:03 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/04/24 20:26:48 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/24 20:26:44 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/04/24 20:26:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/24 20:26:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/24 20:26:42 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/04/24 20:26:42 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/04/24 12:25:44 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys
[2013/04/24 12:12:34 | 000,040,648 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys
[2013/04/24 00:32:22 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/04/22 22:41:40 | 002,245,758 | ---- | M] () -- C:\Users\Administrator\Documents\Easy WIFI Radar 1.0.5v Installer.exe
[2013/04/22 21:46:52 | 000,009,475 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/22 21:41:17 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/04/22 13:25:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_epfilter_01009.Wdf
[2013/04/22 12:29:50 | 012,143,656 | ---- | M] (White Sky, Inc.) -- C:\Users\Administrator\Desktop\aolonepoint.exe
[2013/04/18 11:04:50 | 000,163,840 | ---- | M] (America Online) -- C:\Windows\System32\jgdw400.dll
[2013/04/18 11:04:50 | 000,027,648 | ---- | M] (Johnson-Grace Company) -- C:\Windows\System32\jgpl400.dll
[2013/04/14 11:20:20 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/05/08 14:08:55 | 000,377,856 | ---- | C] () -- C:\Users\Administrator\Desktop\p4gewi0o.exe
[2013/05/08 10:42:58 | 000,816,128 | ---- | C] () -- C:\Users\Administrator\Desktop\RogueKiller.exe
[2013/05/08 00:51:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013/05/08 00:51:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013/05/07 03:15:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2013/05/07 03:15:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2013/05/07 03:14:41 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk
[2013/05/07 03:10:02 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2013/05/07 00:19:27 | 000,000,578 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013/05/07 00:08:37 | 000,000,368 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Digital Clock_Settings.ini
[2013/05/06 17:32:31 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Battery Meter_Settings.ini
[2013/05/04 22:41:27 | 000,001,103 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2013/05/04 22:41:26 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2013/05/04 22:28:32 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/05/03 18:48:53 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/04/30 22:28:51 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/04/30 21:12:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/25 10:53:45 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/04/22 22:41:40 | 002,245,758 | ---- | C] () -- C:\Users\Administrator\Documents\Easy WIFI Radar 1.0.5v Installer.exe
[2013/04/22 14:03:49 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/04/22 13:25:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_epfilter_01009.Wdf
[2013/03/23 11:30:06 | 000,000,387 | ---- | C] () -- C:\Users\Administrator\advanced_ip_scanner_Favorites.bin
[2013/03/23 08:08:52 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\advanced_ip_scanner_MAC.bin
[2013/03/15 19:04:30 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2013/03/15 06:33:04 | 000,007,598 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg
[2012/05/20 22:04:23 | 000,003,160 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012/04/28 06:42:21 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/04/23 13:39:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/04/21 18:21:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

NOW THE SECOND REPORT "EXTRAS"

OTL Extras logfile created on: 5/8/2013 2:32:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.59% Memory free
5.99 Gb Paging File | 4.40 Gb Available in Paging File | 73.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 238.32 Gb Free Space | 79.98% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009B3F76-E2A6-4BBA-8ECE-3752C6064CE0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{091FD56E-60CD-4F5C-BDE8-03B40F77D8E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{19D73310-D753-4469-A701-C8669C4642D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1F75ECD5-E86A-4289-BA05-56FDEB282D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21F96128-7ADC-4257-B485-AE65958D7329}" = rport=10243 | protocol=6 | dir=out | app=system | "{26162079-58D1-4A13-933B-680C4278B6E2}" = lport=139 | protocol=6 | dir=in | app=system | "{2F9F07A9-156D-46B7-9168-D630D0AA0E22}" = lport=445 | protocol=6 | dir=in | app=system | "{38EE3BF7-2FAF-44C7-85BD-1D01671240F4}" = lport=2869 | protocol=6 | dir=in | app=system | "{420B28EE-707F-4917-87FB-109C15C454EA}" = rport=138 | protocol=17 | dir=out | app=system | "{5B2F8C94-AD8C-4123-97E2-C32EEAE37080}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface | "{629A8E50-4ECD-44F9-8DAA-027E326D3E6D}" = rport=139 | protocol=6 | dir=out | app=system | "{62D34D07-23D9-4669-B13E-66907CA81333}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{63AEF0E9-100F-4299-BEF5-CB43030E62C4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{66F64F82-6ABF-463E-8218-DA55EA23CCE2}" = lport=138 | protocol=17 | dir=in | app=system | "{71A0D943-8E81-48C7-A263-8592E59EFF47}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{7C53AED1-33FE-4BD3-8171-5BAC67A3D849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{802FFF4B-65AA-4C3F-9777-FB2F697821D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{85BDA737-42DA-4529-B0A7-FDC71D45B466}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8B8F0508-D360-4884-A501-1A3978433437}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9E4BEF77-BDA5-4381-822A-D326E6FAD158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A127FD4B-A0A8-47B2-A7E3-A3FA8ABC6A9C}" = lport=5355 | protocol=17 | dir=in | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B1CEC84D-7791-48FD-B26A-F1FC3C403FF1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BAA27B76-F92A-40E0-8DF9-5434EEC66E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C1F935D1-EAA5-4C8B-9BD6-7F4E1F13C7D7}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{C30B62DC-85D4-4F3F-8905-C0812DE71C44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CADF3BCA-0E82-4BC4-957D-4CE41D4BC013}" = lport=10243 | protocol=6 | dir=in | app=system | "{CC90737B-DFF4-481F-A86F-DA9DA63ACAB0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D0D40DCE-B676-4675-A7C0-FC8AF3776926}" = rport=445 | protocol=6 | dir=out | app=system | "{D368BD42-C569-47A4-AA86-30ADFA8946F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D93D1157-54F2-46BF-BC06-61FD10E97938}" = lport=137 | protocol=17 | dir=in | app=system | "{DC38B0BE-E231-414E-83FB-9416A926B621}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{E67F6B05-5276-4B55-9DD9-DC4F738DDFF9}" = rport=137 | protocol=17 | dir=out | app=system | "{EABFD2C9-99FE-414C-8730-736952382E76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EBF679C5-D679-4308-8982-F1E0C22D1C22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE770399-B3FA-4685-A0BF-8D8340EF2651}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F19EA5BB-2B50-450D-946D-5470E7EBEFAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{1173D141-9E9D-4EF8-9610-C6AEAE838CAA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{239167BD-0F1E-4EE3-94F5-4D6555AA5FE8}" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe | "{24D33C1A-59C6-4D31-BB0A-E7ED4F9162C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2744835C-42C6-4ACB-BDBE-AEFC5BE03AAC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{2E06CC47-96C3-46F3-BF41-5FF690B013CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32C3F048-F216-4708-8E1C-D3E89E55C29F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{33E3EC46-B4CA-459D-961E-2405CAE79763}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{33E83602-B63B-4187-8867-233E1D2D2C71}" = protocol=6 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe | "{361AFF01-8021-4DA1-B855-E1DA7BF0E49B}" = protocol=17 | dir=in | app=c:\program files\realtek\rtl8187 wireless lan utility\rtwlan.exe | "{38F2FB55-B7AD-462D-ACBD-424A1C10CE23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3D2F434F-336C-4F5B-8068-A7E2D2AAC591}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E37D22A-E096-43B8-AE80-B7A9140E8E0E}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe | "{3FAA5DEC-D20F-4EBB-A862-3C323360AD3D}" = protocol=17 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe | "{406C3798-4369-4BE8-A74E-65DA857F3BD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{47F06259-F964-4E4E-8CFA-354708862380}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{4898EFC3-19AE-4033-83E5-120CBDC47E1A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{4B313D4F-0483-409D-BB61-7E62912ACB58}" = protocol=17 
| dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | "{4CEEF212-3BE3-4898-83EA-5B8732E314A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{543A7D4F-B181-4AB1-AEC3-A1A7DAC838AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{65B64F72-4DF9-4CAC-AAD9-66FD50CA99DA}" = protocol=17 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe | "{688115EB-8D5D-4020-B77E-91A927B05678}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1367732423\ee\aolsoftware.exe | "{6A7495FC-525E-48D2-A3A3-B4F10B8A7394}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{7A6A9DFB-BA3F-4A8E-86C8-9E31812CBFD9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | "{7BE49DFA-545D-4131-A9F3-798EC501C469}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7F37F4E7-FADB-4737-890A-A642600F8765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{971C50A1-07AB-458C-88F2-2774FA92BF79}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{9B4ED8D0-41DF-486F-9CB4-53A3A4F4A026}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1367732423\ee\aolsoftware.exe | "{9E669978-5CBF-424C-BAA7-B44A8483C375}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "{A26EF4AE-D84D-427F-B341-E0894740C379}" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe | "{A58EE36A-497E-4A68-8B15-C2ECAC1B728C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | "{A8E24FDC-AD13-4CCB-A578-30A1E9025DD4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AC77B2AB-0787-41E6-B5B3-B738B988DA01}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | "{AD70FC21-B495-4CCD-A8AD-8FEDEA83D8BF}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE43062B-FE5D-4B75-8C9A-0333556B07AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AFC2275F-B498-49D7-AC2E-0C93535DCC66}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | "{B47C4387-ED27-425B-BAEB-A32FA08D039E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB63BD37-4F02-4112-9637-2071E416FB2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC9A05CB-B5CC-4FB3-B666-37CDEE980D65}" = protocol=6 | dir=out | app=system | "{C19D1A2A-2343-40B8-BBD7-DE1EB2ED90FC}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe | "{C4D151A7-B108-4102-91C6-3161EF5A8C7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C564D9F7-55B6-4D8A-9B90-BEDD957EB31B}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe | "{C6667F69-6F86-4EF7-8A1A-37BD8FA2E1CF}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | "{CAFF00F2-2B34-409D-B7BB-A9867332FA59}" = protocol=6 | dir=in | app=c:\program files\realtek\rtl8187 wireless lan utility\rtwlan.exe | "{D88038DE-3BCD-4274-82AB-B6E15845925F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DCCBF1FD-F443-4C88-8FF8-83C78B97386B}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe | "{DECA7434-84D8-405F-A9EC-79A6F14A7207}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{DEEB8114-0C73-4227-934F-71CB6EFE673E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{E1D5EB95-5933-44E3-8253-0C24BBD16628}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{E56171B1-B403-4BED-827E-6619A0D0889A}" = protocol=6 | dir=in | 
app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe | "{EB8748A6-C309-4787-BA27-E688EFE47443}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F40DCEB8-8399-432D-A906-D23DE2A2AA1F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{1136D5D5-30D2-4359-A1C8-04A542E0BC00}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | "TCP Query User{44EE037C-3BCF-469E-B6ED-182CB874335E}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "TCP Query User{A6C4610C-9F14-4D04-83E2-B4E8D19F3547}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{DBB6FF2B-CC81-4D98-968A-63DEF395B97E}C:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe | "TCP Query User{EB23C033-10BF-42C1-A054-619C4F2FA6F4}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "UDP Query User{27720E58-8AE7-480D-95EB-2D48177EC830}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "UDP Query User{4379F761-E1E7-4134-AAE2-02FFE87D9EDD}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "UDP Query User{4A9D7509-6335-442A-ABCC-0FE4FB82B56D}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query 
User{8CE2250C-5E75-4576-A339-927E418FDB8B}C:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe | "UDP Query User{963F9A75-B130-459B-A711-E605D6BF3BAA}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00 "{2B9B1B9E-45E5-4A76-9CA8-E06F897A3201}" = Cricket Broadband 1.0 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{C2B9C70F-165E-450D-9EC1-F7B160016291}" = Living 3D Dolphin "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi "{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "exent_466550" = The Treasures of Montezuma "exent_706250" = Roads of Rome "exent_708650" = Unlikely Suspects "Google Chrome" = Google Chrome "HotspotShield" = Hotspot Shield 2.93 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"RealPlayer 16.0" = RealPlayer "Swarm Gold1.0" = Swarm Gold ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/7/2013 9:14:27 PM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x734 Faulting application start time: 0x01ce4b89596f4e1c Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: a00f89d9-b77c-11e2-8d0b-00038a000015 Error - 5/8/2013 3:11:22 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x70 Faulting application start time: 0x01ce4bbb35eb481d Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: 7c8c2025-b7ae-11e2-bee2-00c0ca3f28d5 Error - 5/8/2013 3:22:35 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7fc Faulting application start time: 0x01ce4bbcc73af04e Faulting application path: C:\Program 
Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: 0de07b75-b7b0-11e2-a38f-00038a000015 Error - 5/8/2013 3:56:02 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7cc Faulting application start time: 0x01ce4bc173072510 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: b9a7fd18-b7b4-11e2-a35f-00038a000015 Error - 5/8/2013 3:59:14 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7d4 Faulting application start time: 0x01ce4bc1e5f77600 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: 2c95eca8-b7b5-11e2-a3ba-00038a000015 Error - 5/8/2013 4:36:09 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7ec Faulting application start time: 0x01ce4bc70da5b7a4 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: 54442e4c-b7ba-11e2-a340-00038a000015 Error - 5/8/2013 
6:40:10 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7d4 Faulting application start time: 0x01ce4bd860fec88e Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: a79f6218-b7cb-11e2-a81d-00038a000015 Error - 5/8/2013 6:51:59 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7e0 Faulting application start time: 0x01ce4bda07d7af59 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: 4e754b3c-b7cd-11e2-a3bb-00038a000015 Error - 5/8/2013 11:42:41 AM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x7d4 Faulting application start time: 0x01ce4c02a3e0c1b9 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: ea81d841-b7f5-11e2-bee0-00038a000015 Error - 5/8/2013 5:11:55 PM | Computer Name = Home | Source = Application Error | ID = 1000 Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 
0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting process id: 0x1508 Faulting application start time: 0x01ce4c30ab0ab927 Faulting application path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Report Id: e90e2786-b823-11e2-bee0-00038a000015 [ System Events ] Error - 3/16/2013 9:23:56 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = The DefaultTabUpdate service failed to start due to the following error: %%2 Error - 3/16/2013 9:24:09 AM | Computer Name = Home | Source = atikmdag | ID = 43029 Description = Display is not active Error - 3/16/2013 9:24:09 AM | Computer Name = Home | Source = Service Control Manager | ID = 7034 Description = The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2013 9:24:20 AM | Computer Name = Home | Source = atikmdag | ID = 43029 Description = Display is not active Error - 3/16/2013 11:17:38 AM | Computer Name = Home | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 3/16/2013 11:17:38 AM | Computer Name = Home | Source = atikmdag | ID = 43029 Description = Display is not active Error - 3/16/2013 11:17:43 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000 Description = The DefaultTabUpdate service failed to start due to the following error: %%2 Error - 3/16/2013 11:17:45 AM | Computer Name = Home | Source = SNMP | ID = 16713180 Description = The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration. Error - 3/16/2013 11:17:57 AM | Computer Name = Home | Source = Service Control Manager | ID = 7034 Description = The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s). 
Error - 3/16/2013 11:18:08 AM | Computer Name = Home | Source = atikmdag | ID = 43029 Description = Display is not active < End of report >
  10. Ran Malwarebytes without finding this and can't seem to navigate to these popular sites in any of my browsers: Google, Firefox, IE. Just get that screen asking to complete a survey, although Malwarebytes has been blocking it; all I get now is a blank page... After looking at the DDS file it looks like I have a few issues... Your help is greatly appreciated. Here are the files from DDS: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2 Run by Administrator at 11:40:52 on 2013-05-08 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3067.1655 [GMT -7:00] . AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Hotspot Shield\bin\openvpnas.exe C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files\Hotspot Shield\bin\hsswd.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe C:\Windows\System32\tcpsvcs.exe C:\Windows\System32\snmp.exe C:\Program Files\AOL\DataMask by AOL\epservice.exe C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe 
C:\Windows\system32\taskhost.exe C:\Program Files\AOL\DataMask by AOL\ep.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\AOL\DataMask by AOL\dps.exe C:\Program Files\AOL\DataMask by AOL\pl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\system32\taskeng.exe C:\Program Files\SetPoint\SetPoint.exe C:\Users\Administrator\Desktop\PCMeter\PCMeterV0.3.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k ipripsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ uProxyOverride = <local> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\aol\datamask by aol\epbho32.dll BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\aol\datamask by aol\plbho32.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [Akamai NetSession Interface] "c:\users\administrator\appdata\local\akamai\netsession_win.exe" mRun: [starter] c:\program 
files\driver-soft\drivergenius\StarterW3i.exe mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Data Protection Suite] "c:\program files\aol\datamask by aol\dps.exe" mRun: [PhishLock] "c:\program files\aol\datamask by aol\pl.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [HostManager] c:\program files\common files\aol\1367732423\ee\AOLSoftware.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 TCP: NameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\14D616E64616 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\2656C6B696E6E2332663E2765756374737 : DHCPNameServer = 192.168.169.1 TCP: Interfaces\{4CE62BF1-B672-4A6D-802E-4CB49D5343DA} : DHCPNameServer = 192.168.42.129 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\2516D6164616 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\34624472370264275656027596F56496 : DHCPNameServer = 208.67.222.222 208.67.220.220 TCP: 
Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\458656026456564696E676023547164796F6E6 : DHCPNameServer = 192.168.254.254 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\4596070797D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\86F6D656027457563747 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\E4F62747865627E61557563747D456564796E676 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{8A5F0E29-CD98-4B27-B1B0-8491E9616787} : DHCPNameServer = 8.8.8.8 TCP: Interfaces\{B0A1DE32-301C-4595-BD15-84AD4E594649} : DHCPNameServer = 172.26.38.1 172.26.38.2 AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 184.22.81.15 www.imeetzu.com Hosts: 184.22.81.15 imeetzu.com Hosts: 184.22.81.15 www.omegle.com Hosts: 184.22.81.15 omegle.com Hosts: 184.22.81.15 www.runescape.com . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\oys2u84h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll FF - plugin: c:\program files\free ride games\npExentCtl.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-03-25 09:13; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com FF - ExtSQL: 2013-04-22 13:25; sss@sentrybay.com; c:\program files\aol\datamask by aol\ffext FF - ExtSQL: 2013-04-25 10:53; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext . ============= SERVICES / DRIVERS =============== . 
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296] R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-4-24 40648] R1 MpKsl92a13521;MpKsl92a13521;c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys [2013-5-8 29904] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2012-10-6 23184] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 EntryProtect;DataMask by AOL;c:\program files\aol\datamask by aol\epservice.exe [2012-11-13 45960] R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-4-26 570664] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-4-26 390440] R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-30 418376] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-30 701512] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056] R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2013-3-15 40960] R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2012-4-28 46184] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224] R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys 
[2013-4-22 18240] R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-7 273448] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-30 22856] R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2013-3-15 375808] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-4-2 621568] S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\stem\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\stem\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?] 
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432] S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-29 14848] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064] S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776] S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808] S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280] S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-29 49664] S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-22 1343400] . =============== Created Last 30 ================ . 
2013-05-08 15:42:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys 2013-05-07 19:52:28 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\mpengine.dll 2013-05-07 10:42:45 53248 ----a-w- c:\windows\system32\CSVer.dll 2013-05-07 10:14:41 170512 ----a-w- c:\windows\system32\kemutb.dll 2013-05-07 10:14:40 84496 ----a-w- c:\windows\system32\KemXML.dll 2013-05-07 10:14:40 145936 ----a-w- c:\windows\system32\KemUtil.dll 2013-05-07 10:14:40 117264 ----a-w- c:\windows\system32\KemWnd.dll 2013-05-07 10:14:14 -------- d-----w- c:\program files\SetPoint 2013-05-07 10:09:51 -------- d-----w- c:\program files\Dell 2013-05-07 10:02:00 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2013-05-07 10:01:59 90112 ----a-w- c:\windows\system32\snymsico.dll 2013-05-07 10:01:59 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2013-05-07 10:01:59 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2013-05-07 10:01:59 172032 ----a-w- c:\windows\system32\rixdicon.dll 2013-05-07 10:00:04 -------- d-----w- c:\program files\Broadcom 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root\AddGadgets 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root 2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\Framework 2013-05-06 18:50:29 6906960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-05-05 05:41:31 -------- d-----w- c:\users\administrator\appdata\roaming\AOL 2013-05-05 05:41:13 58696 ----a-w- c:\windows\system32\AOLParconLink.exe 2013-05-05 05:41:13 -------- d-----w- c:\programdata\Viewpoint 2013-05-05 05:41:13 -------- d-----w- c:\program files\Viewpoint 2013-05-05 05:40:41 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys 2013-05-05 05:40:32 -------- d-----w- c:\users\administrator\appdata\local\AOL 
2013-05-05 05:40:08 -------- d-----w- c:\program files\common files\AOL 2013-05-05 05:40:07 -------- d-----w- c:\program files\common files\aolshare 2013-05-05 05:40:07 -------- d-----w- c:\program files\AOL Desktop 9.7 2013-05-04 01:43:48 -------- d-----w- c:\users\administrator\appdata\roaming\Hotspot Shield 2013-05-01 05:28:54 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com 2013-05-01 05:28:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2013-05-01 05:28:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-05-01 04:12:49 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes 2013-05-01 04:12:32 -------- d-----w- c:\programdata\Malwarebytes 2013-05-01 04:12:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-05-01 04:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-05-01 04:10:08 -------- d-----w- c:\users\administrator\appdata\local\Programs 2013-04-25 17:54:11 -------- d-----w- c:\users\administrator\appdata\roaming\RealNetworks 2013-04-25 17:53:35 -------- d-----w- c:\program files\RealNetworks 2013-04-25 17:53:32 -------- d-----w- c:\programdata\RealNetworks 2013-04-25 17:53:22 -------- d-----w- c:\program files\common files\xing shared 2013-04-25 03:26:58 866720 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-04-25 03:26:58 788896 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-25 03:26:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-24 19:25:44 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys 2013-04-24 19:12:34 40648 ----a-w- c:\windows\system32\drivers\hssdrv6.sys 2013-04-23 20:02:54 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll 2013-04-23 20:02:54 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{42322a06-2bea-4729-adc4-f3a9fdbf2a16}\gapaengine.dll 2013-04-23 18:09:01 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-23 
04:43:38 -------- d-----w- c:\users\administrator\appdata\roaming\WinZip 2013-04-22 21:53:18 -------- d-----w- c:\programdata\TamoSoft 2013-04-22 21:52:32 -------- d-----w- c:\program files\CommViewWiFi 2013-04-22 21:04:37 -------- d-----w- c:\users\administrator\appdata\local\WinZip 2013-04-22 20:27:11 -------- d-----w- c:\users\administrator\appdata\roaming\SentryBay 2013-04-22 20:25:00 18240 ----a-w- c:\windows\system32\drivers\epfilter.sys 2013-04-22 20:24:30 -------- d-----w- c:\programdata\SentryBay 2013-04-22 19:01:59 -------- d-----w- c:\users\administrator\appdata\local\SentryBay 2013-04-22 19:01:59 -------- d-----w- c:\program files\SentryBay 2013-04-22 01:35:31 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL 2013-04-18 18:04:41 348160 ----a-w- c:\windows\system32\msvcr71.dll 2013-04-18 18:04:40 499712 ----a-w- c:\windows\system32\msvcp71.dll 2013-04-12 20:39:18 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-04-12 20:39:16 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-12 20:39:14 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-04-12 20:39:14 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-12 20:39:13 69632 ----a-w- c:\windows\system32\smss.exe 2013-04-12 20:39:13 38912 ----a-w- c:\windows\system32\csrsrv.dll . ==================== Find3M ==================== . 
2013-05-05 04:46:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-05 04:46:55 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-03-24 13:26:08 124 ----a-w- c:\users\administrator\advanced_ip_scanner_MAC.bin 2013-03-24 13:26:07 387 ----a-w- c:\users\administrator\advanced_ip_scanner_Favorites.bin 2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll 2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll 2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll 2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll 2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-12 03:32:46 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys . ============= FINISH: 11:41:42.31 =============== Attach file: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/21/2012 6:25:04 PM System Uptime: 5/8/2013 8:42:05 AM (3 hours ago) . Motherboard: Dell Inc. | | 0P786H Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 238.33 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP69: 4/22/2013 2:53:53 PM - Device Driver Package Install: TamoSoft Network Service RP70: 4/23/2013 1:02:03 PM - Windows Update RP71: 4/24/2013 8:26:26 PM - Installed Java 7 Update 21 RP72: 4/29/2013 4:18:05 PM - Windows Update RP73: 5/3/2013 9:27:43 AM - Windows Update RP74: 5/3/2013 6:44:47 PM - Device Driver Package Install: Anchorfree Inc Network Service RP75: 5/3/2013 6:45:57 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters RP76: 5/3/2013 7:05:34 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters RP77: 5/6/2013 11:50:03 AM - Windows Update RP78: 5/6/2013 5:05:25 PM - Removed InstallIQ Updater RP79: 5/7/2013 2:59:36 AM - Installed Broadcom Gigabit NetLink Controller. RP81: 5/7/2013 3:01:49 AM - Installed RICOH Media Driver ver.2.07.01.00 RP82: 5/7/2013 3:09:39 AM - Installed QuickSet. RP84: 5/7/2013 3:17:59 AM - Installed RICOH Media Driver ver.2.07.01.00 RP85: 5/7/2013 12:51:02 PM - Windows Update . ==== Hosts File Hijack ====================== . 
==== Installed Programs ====================== .
Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.02) Akamai NetSession Interface AOL Uninstaller (Choose which Products to Remove) AppGraffiti Apple Software Update Broadcom Gigabit NetLink Controller CDDRV_Installer CommView for WiFi Cricket Broadband 1.0 DataMask by AOL DefaultTab DefaultTab Chrome Driver Genius Professional Edition Google Chrome Google Earth Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hotspot Shield 2.93 Java 7 Update 21 Java Auto Updater KhalInstallWrapper Living 3D Dolphin Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service QuickSet RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer REALTEK Wireless LAN Driver and Utility RealUpgrade 1.1 RICOH Media Driver ver.2.07.01.00 Roads of Rome Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
SetPoint
SUPERAntiSpyware
Swarm Gold
The Treasures of Montezuma
U3Launcher
Unlikely Suspects
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Viewpoint Media Player
Windows 7 USB/DVD Download Tool
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
5/8/2013 8:46:37 AM, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.
5/8/2013 8:42:42 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
5/8/2013 8:42:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DefaultTabSearch service to connect.
5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the file specified.
5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabSearch service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/8/2013 8:42:18 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
5/8/2013 8:42:18 AM, Error: atikmdag [43029] - Display is not active
5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.
5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
5/6/2013 6:14:14 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
5/4/2013 9:36:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/4/2013 9:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
5/4/2013 9:16:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1176.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
5/4/2013 9:16:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/4/2013 9:06:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/4/2013 9:06:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/4/2013 9:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6
5/4/2013 10:40:37 PM, Error: Service Control Manager [7030] - The AOL Connectivity Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/3/2013 7:06:03 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
5/3/2013 7:05:59 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.