Removed Win 7 2012 Security, now getting a redirect.


ckoobs

Removed the 2012 security but now have a redirect and Malwarebytes isn't finding anything. I ran the TDSSkiller but it found nothing. Here is the OTL report.

THANKS!

OTL logfile created on: 12/12/2011 6:49:42 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\admin\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.18% Memory free

5.98 Gb Paging File | 4.16 Gb Available in Paging File | 69.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 392.95 Gb Free Space | 84.39% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/12 18:46:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe

PRC - [2011/11/19 16:49:54 | 006,860,960 | ---- | M] (Spotify Ltd) -- C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe

PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/07/15 22:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/12/14 17:43:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK Wireless LAN Software\RtWLan.exe

PRC - [2009/09/01 11:20:12 | 000,036,864 | R--- | M] (Realtek) -- C:\Program Files\REALTEK Wireless LAN Software\RtlService.exe

PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 19:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PING.EXE

========== Modules (No Company Name) ==========

MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/12/11 13:49:56 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/06 12:31:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/09/01 11:20:12 | 000,036,864 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK Wireless LAN Software\RtlService.exe -- (Realtek9xp)

SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/11/23 17:10:46 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2010/09/02 18:49:08 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)

DRV - [2010/02/10 19:17:24 | 009,936,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/09/28 03:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2009/07/13 17:12:11 | 000,074,240 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)

DRV - [2009/06/27 07:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 1B A2 50 D7 B5 CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/09 20:14:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/09 00:02:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 12:08:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/09 20:14:47 | 000,000,000 | ---D | M]

[2011/05/05 14:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions

[2011/11/16 12:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/09 00:02:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2011/11/16 12:08:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/02 13:49:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/16 12:08:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: ShipRush FedEx (Enabled) = C:\Users\admin\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa3\npPicasa3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\admin\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Angry Birds = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

CHR - Extension: avast! WebRep = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

Hosts file not found

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [iJNetworkScannerSelectorEX] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O13 - gopher Prefix: missing

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A3E97E-D61F-4E65-A213-B39F08A2EB80}: DhcpNameServer = 128.255.64.5 128.255.1.3 128.255.64.11

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06997A9-1095-4BAA-8CEC-B9C193DF5EB1}: DhcpNameServer = 10.0.1.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 18:33:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes

[2011/12/11 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/11 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/11 18:33:01 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/12/11 18:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/12/12 18:46:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-469322670-3098272812-1794894432-1000UA.job

[2011/12/12 18:06:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/12 17:53:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-469322670-3098272812-1794894432-1000Core.job

[2011/12/11 19:22:52 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/11 19:22:52 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/11 19:15:28 | 2406,912,000 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/11 18:33:04 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/11 18:14:52 | 000,011,024 | -HS- | M] () -- C:\ProgramData\671621g0v745w477y613x4syf6g6

[2011/12/11 18:14:51 | 000,011,024 | -HS- | M] () -- C:\Users\admin\AppData\Local\671621g0v745w477y613x4syf6g6

[2011/11/26 17:05:25 | 000,000,215 | ---- | M] () -- C:\Users\admin\Desktop\LIMBO.url

[2011/11/23 14:19:51 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/11/23 14:19:51 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/11/19 01:44:39 | 000,002,359 | ---- | M] () -- C:\Users\admin\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2011/12/11 18:33:04 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/11 13:15:37 | 000,011,024 | -HS- | C] () -- C:\Users\admin\AppData\Local\671621g0v745w477y613x4syf6g6

[2011/12/11 13:15:37 | 000,011,024 | -HS- | C] () -- C:\ProgramData\671621g0v745w477y613x4syf6g6

[2011/11/26 17:05:25 | 000,000,215 | ---- | C] () -- C:\Users\admin\Desktop\LIMBO.url

[2011/08/31 22:09:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2011/05/05 16:24:46 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe

[2010/02/10 07:58:14 | 000,040,588 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 22:33:53 | 000,366,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/13 20:05:48 | 000,624,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/13 20:05:48 | 000,106,522 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 17:12:11 | 000,074,240 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/06/20 21:25:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BitZipper

[2011/05/05 15:09:32 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Braid

[2011/05/08 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon

[2011/05/19 12:19:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Downloaded Installations

[2011/12/11 19:21:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\EurekaLog

[2011/12/12 18:22:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Spotify

[2011/11/19 09:44:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\uTorrent

[2009/07/13 22:53:46 | 000,014,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 12/12/2011 6:49:42 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\admin\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.18% Memory free

5.98 Gb Paging File | 4.16 Gb Available in Paging File | 69.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 392.95 Gb Free Space | 84.39% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series" = Canon MX420 series MP Drivers

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F341511-4356-40FA-AB7F-C0C260DFADBC}" = ShipRush for FedEx - Ecommerce Edition

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2

"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast" = avast! Free Antivirus

"BitZipper_is1" = BitZipper 2010

"Braid_is1" = Braid (Version 1.015)

"Canon MX420 series User Registration" = Canon MX420 series User Registration

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon My Printer

"CanonSolutionMenuEX" = Canon Solution Menu EX

"CueCard" = CueCard (remove only)

"DivX Setup" = DivX Setup

"Download Manager" = Download Manager 2.3.10

"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX

"Easy-WebPrint EX" = Canon Easy-WebPrint EX

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1

"NVIDIA Drivers" = NVIDIA Drivers

"PdaNet_is1" = PdaNet for Android 3.00

"Picasa 3" = Picasa 3

"Speed Dial Utility" = Canon Speed Dial Utility

"Spotify" = Spotify

"Steam App 1200" = Red Orchestra: Ostfront 41-45

"Steam App 18500" = Defense Grid: The Awakening

"Steam App 20540" = Company of Heroes: Tales of Valor

"Steam App 48000" = LIMBO

"Steam App 9340" = Company of Heroes: Opposing Fronts

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/28/2011 8:44:55 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/30/2011 8:08:44 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/3/2011 1:33:17 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/6/2011 4:40:39 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/8/2011 9:10:00 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\bitzipper\BZSHLEXTLOADER.EXE".

Dependent

Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/11/2011 4:44:56 PM | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x000149fd Faulting process

id: 0x1560 Faulting application start time: 0x01ccb844e3b223f4 Faulting application

path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report

Id: fb7ebade-2438-11e1-a72a-002454879dc8

Error - 12/11/2011 9:37:57 PM | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x000149fd Faulting process

id: 0x7f0 Faulting application start time: 0x01ccb86dd2f01f25 Faulting application

path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report

Id: ead808ed-2461-11e1-ae17-002454879dc8

Error - 12/11/2011 11:59:08 PM | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x000149fd Faulting process

id: 0x1020 Faulting application start time: 0x01ccb8814e6fe7af Faulting application

path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report

Id: a40dadf1-2475-11e1-ae17-002454879dc8

Error - 12/12/2011 1:02:40 AM | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time

stamp: 0x4a5bdb05 Exception code: 0xc0000005 Fault offset: 0x000149fd Faulting process

id: 0xb38 Faulting application start time: 0x01ccb88a95d4aa0c Faulting application

path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll

Report

Id: 842c019f-247e-11e1-ae17-002454879dc8

Error - 12/12/2011 7:54:41 PM | Computer Name = admin-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc964 Faulting module name: jvm.dll, version: 20.0.0.11, time stamp:

0x4da6f198 Exception code: 0xc0000005 Fault offset: 0x0005e6b2 Faulting process id:

0x43c Faulting application start time: 0x01ccb9289216908a Faulting application path:

C:\Windows\System32\ping.exe Faulting module path: C:\PROGRA~1\Java\jre6\bin\client\jvm.dll

Report

Id: a7f26efa-251c-11e1-ae17-002454879dc8

[ System Events ]

Error - 12/12/2011 1:36:35 AM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 8:21:39 AM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 8:21:40 AM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 7:47:05 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 7:47:12 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 7:47:13 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 7:47:17 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 8:06:11 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 8:06:13 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 12/12/2011 8:06:14 PM | Computer Name = admin-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

< End of report >

Still having issues. I also think this virus might be messing with my computer's ability to read my battery. As soon as I removed the security virus and started getting the redirect problems, my computer told me to replace my battery b/c it is bad. Either that or it is a total random coincidence. But the battery was holding a good charge 1.5 hours-ish before that.


Welcome to the forum

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/12/11 18:14:52 | 000,011,024 | -HS- | M] () -- C:\ProgramData\671621g0v745w477y613x4syf6g6
    [2011/12/11 18:14:51 | 000,011,024 | -HS- | M] () -- C:\Users\admin\AppData\Local\671621g0v745w477y613x4syf6g6


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

-------------------------

Then......

Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

MrC


oops didn't see that second part. will do that now.

Farbar Service Scanner

Ran by admin (administrator) on 16-12-2011 at 13:51:23

Microsoft Windows 7 Home Premium (X86)

********************************************************

Service Check:

==============

File Check:

===========

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys

[2011-06-15 15:35] - [2011-04-24 20:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD

C:\Windows\system32\Drivers\tdx.sys

[2009-07-13 17:12] - [2009-07-13 17:12] - 0074240 ____A () 06BA6763DF05F7F08E70BAB14ED73D12

C:\Windows\system32\Drivers\tcpip.sys

[2011-08-10 11:57] - [2011-06-20 23:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1

C:\Windows\system32\dnsrslvr.dll

[2011-05-05 14:14] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

Connection Status:

==================

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

**** End of log ****


Farbar Service Scanner

Ran by admin (administrator) on 16-12-2011 at 15:01:49

Windows 7 Home Premium (X86)

************************************************

================== Search: "tdx.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

[2009-07-13 17:12] - [2009-07-13 17:12] - 0074240 ____A () 06BA6763DF05F7F08E70BAB14ED73D12

C:\Windows\System32\drivers\tdx.sys

[2009-07-13 17:12] - [2009-07-13 17:12] - 0074240 ____A () 06BA6763DF05F7F08E70BAB14ED73D12

C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

[2011-07-02 10:49] - [2010-11-20 02:39] - 0074752 ____A (Microsoft Corporation) B459575348C20E8121D6039DA063C704

====== End Of Search ======


Show file extensions: enable this

http://windows.microsoft.com/en-US/windows-vista/Show-or-hide-file-name-extensions

Then.................

Please find this file and upload it to VirusTotal for a free scan and copy the url of the results so I can see them.

C:\Windows\System32\drivers\tdx.sys

http://virustotal.com

http://virusscan.jotti.org/en <----use this one if VirusTotal is busy

MrC
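The Farbar Service Scanner "File Check" output posted earlier in the thread can be triaged programmatically, as in this added example (not part of the thread and not the tool's own code). It separates files reported as "MD5 is legit" from files listed with details, and flags listed files whose company field is empty; the log lines are copied from the post above, while the function names and the use of an empty company field as a review signal are assumptions of this example.

```python
import re

# "File Check" section copied from the Farbar Service Scanner log in this thread.
FSS_FILE_CHECK = r"""
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 15:35] - [2011-04-24 20:35] - 0338944 ____A (Microsoft Corporation) 0DB7A48388D54D154EBEC120461A0FCD
C:\Windows\system32\Drivers\tdx.sys
[2009-07-13 17:12] - [2009-07-13 17:12] - 0074240 ____A () 06BA6763DF05F7F08E70BAB14ED73D12
C:\Windows\system32\Drivers\tcpip.sys
[2011-08-10 11:57] - [2011-06-20 23:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1
C:\Windows\system32\dnsrslvr.dll
[2011-05-05 14:14] - [2011-03-02 23:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9
"""

# Detail line layout as it appears in the log:
# [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_file_check(text):
    """Return one record per file: path, verified flag, and details when printed."""
    records = []
    pending = None  # file path seen, detail line not yet read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("=> MD5 is legit"):
            path = line.rsplit("=>", 1)[0].strip()
            records.append({"path": path, "verified": True})
            pending = None
            continue
        match = DETAIL_RE.match(line)
        if match and pending is not None:
            pending.update(match.groupdict())
            pending["size"] = int(pending["size"])
            pending = None
        elif PATH_RE.match(line):
            pending = {"path": line, "verified": False}
            records.append(pending)
    return records


def triage(records):
    """Return (files not reported as legit, subset of those with an empty company field)."""
    unverified = [r for r in records if not r["verified"]]
    no_vendor = [r["path"] for r in unverified if r.get("company") == ""]
    return unverified, no_vendor


if __name__ == "__main__":
    unverified, no_vendor = triage(parse_file_check(FSS_FILE_CHECK))
    for rec in unverified:
        print(f'{rec["path"]}  company="{rec.get("company")}"  md5={rec.get("md5")}')
    print("Empty company field:", no_vendor)
```

A file that appears in the second list is a candidate for an independent check, such as the multi-engine scan requested above, before anything is replaced.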


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Windows\System32\drivers\tdx.sys|C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys /replace


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC


========== FILES ==========

File C:\Windows\System32\drivers\tdx.sys successfully replaced with C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

OTL by OldTimer - Version 3.2.31.0 log created on 12162011_160056


Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC


Sorry for the delay. I was traveling. I had uninstalled Avast before running, but it says here that it was still running?

ComboFix 11-12-16.03 - admin 12/18/2011 11:26:24.2.4 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3061.2331 [GMT -6:00]

Running from: c:\users\admin\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))

.

.

2011-12-18 17:30 . 2011-12-18 17:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-12-16 23:04 . 2011-12-18 17:30 -------- d-----w- c:\users\admin\AppData\Local\temp

2011-12-16 22:54 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-12-16 19:33 . 2011-12-16 19:33 -------- d-----w- C:\_OTL

2011-12-15 02:35 . 2011-12-15 02:35 -------- d-----w- c:\windows\system32\Adobe

2011-12-12 00:33 . 2011-12-12 00:33 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes

2011-12-12 00:33 . 2011-12-12 00:33 -------- d-----w- c:\programdata\Malwarebytes

2011-12-06 20:37 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36D897DF-9EC9-4D1E-BEA1-AB61A2191C83}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-01 21:46 . 2011-05-24 02:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-16 18:08 . 2011-05-05 20:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-07 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-15 1213848]

"IJNetworkScannerSelectorEX"="c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-10 13834856]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

.

c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-5-13 477736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Realtek9xp;Realtek9xp;c:\program files\REALTEK Wireless LAN Software\RtlService.exe [2009-09-01 36864]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 13312]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469322670-3098272812-1794894432-1000Core.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 09:26]

.

2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-469322670-3098272812-1794894432-1000UA.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-28 09:26]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\av991y2l.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-12-18 11:31:34

ComboFix-quarantined-files.txt 2011-12-18 17:31

ComboFix2.txt 2011-12-17 01:46

.

Pre-Run: 425,441,775,616 bytes free

Post-Run: 425,389,449,216 bytes free

.

- - End Of File - - 4D3D841B28CEA728FDE8A37BF0E9A0F0


This topic is now closed to further replies.