seychelles82 Posted May 6, 2012 ID:549075

It seems as if msn iplay has redirected my Firefox browser to Bing and/or Yahoo instead of Google. I've tried a few things to get rid of it (and scanned with Malwarebytes as per instructions) but with no luck. I'm wondering if you guys can help out. Thanks for any help possible!

Here are the DDS and Attach logs as requested:
Elise Posted May 6, 2012 ID:549097

Hello and

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on Combofix.exe and follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
seychelles82 Posted May 6, 2012 Author ID:549251

Hi, I did as you instructed, everything ran smoothly and I saved the log for Combofix. But then when I tried to open the log, I received the error message 'Illegal operation attempted on a registry key that has been marked for deletion'. I receive that for every other operation/program I attempt as well and now can't access anything. I'm on my laptop right now, and really don't want to reboot the desktop for fear of something heinous happening. Any help would be greatly appreciated.
Elise Posted May 6, 2012 ID:549253

No worries, one restart will fix this. Please reboot and post me the combofix log.
seychelles82 Posted May 6, 2012 Author ID:549255

Okay thanks, will do
seychelles82 Posted May 6, 2012 Author ID:549259
Okay, here's the Combofix log:

ComboFix 12-05-06.03 - ange_t 05/06/2012 12:39:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4714 [GMT -7:00]
Running from: c:\users\ange_t\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\autorun.inf
C:\Thumbs.db
c:\users\Public\invokesi.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-06 19:43 . 2012-05-06 19:43 -------- d-----w- c:\users\Ron\AppData\Local\temp
2012-05-06 19:43 . 2012-05-06 19:43 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-06 19:43 . 2012-05-06 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\users\ange_t\AppData\Roaming\Malwarebytes
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:57 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-04 10:37 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8703ADF6-89BE-4D2D-8FD6-63BFE039FC81}\mpengine.dll
2012-05-02 23:54 . 2012-05-02 23:54 -------- d-----w- c:\users\ange_t\AppData\Roaming\DailyMagic
2012-05-02 23:54 . 2012-05-02 23:54 -------- d-----w- c:\programdata\DailyMagic
2012-04-15 18:43 . 2012-04-15 18:43 -------- d-----w- c:\programdata\McAfee
2012-04-15 18:43 . 2012-04-15 18:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-13 12:22 . 2012-05-05 23:29 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 02:26 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:26 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:26 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 23:29 . 2011-06-10 02:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2011-05-12 08:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 00:55 . 2012-02-22 00:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 06:38 . 2012-03-14 01:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 01:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 01:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 01:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 19:01 . 2012-02-15 19:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 19:01 . 2012-02-15 19:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 01:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 01:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"BackupNowEZtray"="c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-09-17 577792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [x]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-05 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-09-17 45312]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 HpStkm01;USB Style Packet K + M Filter Driver;c:\windows\system32\DRIVERS\HpStkm01.SYS [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000Core.job
- c:\users\ange_t\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 05:16]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000UA.job
- c:\users\ange_t\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 05:16]
.
2012-04-07 c:\windows\Tasks\HPCeeScheduleForANGE_T-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-05 c:\windows\Tasks\HPCeeScheduleForange_t.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-28 418328]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"HP Input Device Main Program"="c:\program files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe" [2008-10-17 530432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.firefox.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ange_t\AppData\Roaming\Mozilla\Firefox\Profiles\2ogcqy5a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-06 12:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 19:48
.
Pre-Run: 849,931,653,120 bytes free
Post-Run: 850,174,660,608 bytes free
.
- - End Of File - - 5B0C471DFA330AF4053BAB0BB6CBB6AF
Elise Posted May 7, 2012 ID:549335
Hi there,

Let's also do an additional rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
seychelles82 Posted May 7, 2012 Author ID:549427
Hi there - I ran TDSSKiller and according to the scan no objects were found. Would you like for me to post the log anyway?
Elise Posted May 7, 2012 ID:549430
No need to. Do you still experience redirects at this point?
seychelles82 Posted May 7, 2012 Author ID:549432
Unfortunately I'm still having the same problem.
Elise Posted May 7, 2012 ID:549436
Does this actually happen when you go to Google and try to do a search? Have you tried to change the settings manually? What browser is affected?
seychelles82 Posted May 7, 2012 Author ID:549446
It affects Firefox only, I have no issues with Chrome. I have Google defaulted for my search bar in Firefox and there's no issue with redirection there. It solely redirects when I attempt to search in Firefox's address bar.
Elise Posted May 7, 2012 ID:549448
Please see if the following fixes it.

CF-SCRIPT
-------------
We need to execute a CF-script.

Close any open browsers.
Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Click Start > Run and in the box that opens type notepad and press enter.
Copy/paste the text in the codebox below into it:

Firefox::
FF - ProfilePath - c:\users\ange_t\AppData\Roaming\Mozilla\Firefox\Profiles\2ogcqy5a.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
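The CF-script above removes a user.js entry from the Firefox profile, and the reporter's symptom is a redirect only on address-bar searches. The following Python script is an added example, not code from the thread, from ComboFix or from Malwarebytes: it parses the user_pref("name", value); lines Firefox writes to prefs.js and user.js, merges them the way Firefox does at startup (user.js overrides prefs.js on every launch, which is why a setting that "comes back" after a manual reset usually lives there), and reports the search and start-page preferences that point somewhere the owner did not choose. The pref names keyword.URL and browser.search.defaultenginename are not on the page; keyword.URL was the address-bar search preference in Firefox of that era (removed in Firefox 23). The expected hosts, the expected engine name and both sample files are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Preferences that decide where address-bar searches, the default engine and the
# start page go. keyword.URL was the address-bar search pref in Firefox of this
# era (removed in Firefox 23); the remaining three appear in the thread's logs.
URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
ENGINE_PREFS = {"browser.search.selectedEngine", "browser.search.defaultenginename"}

# What the owner expects to see. Constructed for this example.
EXPECTED_HOSTS = {"www.google.com", "google.com"}
EXPECTED_ENGINES = {"Google"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into {name: value}.

    Strings are unquoted, true/false become bools, integers become ints;
    comment and blank lines are skipped.
    """
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def effective_prefs(prefs_js_text, user_js_text=""):
    """Merge prefs.js and user.js as Firefox does at startup: user.js wins and is
    re-applied on every launch. Returns (merged, names_pinned_by_user_js)."""
    merged = parse_prefs(prefs_js_text)
    overrides = parse_prefs(user_js_text)
    merged.update(overrides)
    return merged, set(overrides)


def audit_prefs(prefs, from_user_js=frozenset()):
    """Return [(pref, value, reason)] for search/start-page prefs that point
    somewhere unexpected, plus any watched pref pinned in user.js."""
    watched = URL_PREFS | ENGINE_PREFS
    findings = []
    for name in sorted(watched):
        if name not in prefs:
            continue
        value = prefs[name]
        if not isinstance(value, str):
            findings.append((name, value, "unexpected non-string value"))
            continue
        if name in URL_PREFS:
            host = (urlparse(value).hostname or "").lower()
            if host not in EXPECTED_HOSTS:
                findings.append((name, value, f"points at unexpected host '{host}'"))
        elif value not in EXPECTED_ENGINES:
            findings.append((name, value, "unexpected search engine"))
    # A watched pref pinned in user.js silently overrides whatever the user
    # picks in the settings dialog, so it is reported even when it looks benign.
    for name in sorted(from_user_js & watched):
        findings.append((name, prefs[name], "pinned in user.js (overrides prefs.js)"))
    return findings


# Constructed sample files, modelled on the pref names in the thread's logs.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.google.com/ig#t_0");
user_pref("browser.cache.disk.capacity", 358400);
"""
SAMPLE_USER_JS = """\
user_pref("keyword.URL", "http://search.hijack.test/?q=");
user_pref("yahoo.ytff.general.dontshowhpoffer", true);
"""

if __name__ == "__main__":
    merged, pinned = effective_prefs(SAMPLE_PREFS_JS, SAMPLE_USER_JS)
    for pref, value, reason in audit_prefs(merged, pinned):
        print(f"{pref} = {value!r}: {reason}")
```

Run it against the real files by reading prefs.js and user.js from the profile directory shown in the log (the FF - ProfilePath line) and passing their contents to effective_prefs. The search-bar engine in the sample stays "Google" and raises nothing, while the address-bar pref pinned in user.js is reported twice: once for its host and once for living in user.js, which matches the thread's pattern of a search bar that behaves and an address bar that does not.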
seychelles82 Posted May 7, 2012 Author ID:549457
Okay, here's the CF log:

ComboFix 12-05-06.03 - ange_t 05/07/2012 9:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4835 [GMT -7:00]
Running from: c:\users\ange_t\Desktop\ComboFix.exe
Command switches used :: c:\users\ange_t\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Ron\AppData\Local\temp
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 16:20 . 2012-05-07 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\users\ange_t\AppData\Roaming\Malwarebytes
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 23:57 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 23:57 . 2012-05-05 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-04 10:37 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8703ADF6-89BE-4D2D-8FD6-63BFE039FC81}\mpengine.dll
2012-05-02 23:54 . 2012-05-02 23:54 -------- d-----w- c:\users\ange_t\AppData\Roaming\DailyMagic
2012-05-02 23:54 . 2012-05-02 23:54 -------- d-----w- c:\programdata\DailyMagic
2012-04-15 18:43 . 2012-04-15 18:43 -------- d-----w- c:\programdata\McAfee
2012-04-15 18:43 . 2012-04-15 18:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-13 12:22 . 2012-05-05 23:29 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 02:26 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:26 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:26 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 23:29 . 2011-06-10 02:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2011-05-12 08:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 00:55 . 2012-02-22 00:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 06:38 . 2012-03-14 01:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 01:05 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 01:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 01:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 19:01 . 2012-02-15 19:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 19:01 . 2012-02-15 19:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 01:06 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 01:06 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-06_19.45.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-05 05:06 . 2012-05-06 20:24 58698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-06 05:07 35044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-06 20:24 35044 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-05 06:03 . 2012-05-06 20:24 12578 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2514862649-4236670434-3941293867-1000_UserData.bin
+ 2011-05-08 06:30 . 2012-05-06 20:21 4446 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-05-19 23:45 . 2012-05-06 19:46 1512 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-05-06 19:44 . 2012-05-06 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 16:24 . 2012-05-07 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-06 19:44 . 2012-05-06 19:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-07 16:24 . 2012-05-07 16:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-06 21:52 . 2012-05-07 14:21 349042 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-05-06 05:09 628304 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-06 20:25 628304 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-06 05:09 108482 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-06 20:25 108482 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-07 16:20 390360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-06 19:44 390360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-05 05:55 . 2012-05-07 16:20 48870124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2514862649-4236670434-3941293867-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"BackupNowEZtray"="c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe" [2010-09-17 577792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [x]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files (x86)\Hide My IP\HideMyIpSrv.exe [2011-06-04 3249512]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-05 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2010-09-17 45312]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-05-06 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S3 HpStkm01;USB Style Packet K + M Filter Driver;c:\windows\system32\DRIVERS\HpStkm01.SYS [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000Core.job
- c:\users\ange_t\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 05:16]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000UA.job
- c:\users\ange_t\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 05:16]
.
2012-04-07 c:\windows\Tasks\HPCeeScheduleForANGE_T-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-05 c:\windows\Tasks\HPCeeScheduleForange_t.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-28 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-28 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-28 418328]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"HP Input Device Main Program"="c:\program files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe" [2008-10-17 530432]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.firefox.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\ange_t\AppData\Roaming\Mozilla\Firefox\Profiles\2ogcqy5a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig#t_0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) 
(Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Avira\AntiVir Desktop\avguard.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Common Files\LightScribe\LSSrvc.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2012-05-07 09:28:12 - machine was rebootedComboFix-quarantined-files.txt 2012-05-07 16:28ComboFix2.txt 2012-05-06 19:48.Pre-Run: 850,172,719,104 bytes freePost-Run: 850,099,585,024 bytes free.- - End Of File - - 1422E5D4AD68525F37F423F7004C1D5D Link to post Share on other sites More sharing options...
Elise Posted May 7, 2012 ID:549461

Is the issue fixed now? If not, please run the following scan.

OTL
-----
Please download OTL from one of the following mirrors:
This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- Push the button.
- Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
seychelles82 Posted May 7, 2012 Author ID:549470

Posting the logs separately since it's over the character limit to post at once. Just wanted to say thanks, and sorry this is so time-consuming.

OTL log
OTL logfile created on: 5/7/2012 9:50:23 AM - Run 1
OTL by OldTimer - Version 3.2.42.3
- plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dllCHR - Extension: Google Translate = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\CHR - Extension: Angry Birds = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.4_0\CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\1.0.5_0\CHR - Extension: WOT = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.13_0\CHR - Extension: Adblock Plus (Beta) = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\CHR - Extension: Google Search = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Dark atmosphere = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpikgkkfdoabncoileilaglepbpdhek\1.0_0\CHR - Extension: LiveJournal Extension = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmfgnboikinlhnaomlhalipemjbmfgi\2.5.10_0\CHR - Extension: Poppit = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\CHR - Extension: Bitdefender QuickScan = C:\Users\ange_t\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\CHR - Extension: Gmail = C:\Users\ange_t\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2012/05/07 09:24:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O3 - HKU\S-1-5-21-2514862649-4236670434-3941293867-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [HP Input Device Main Program] C:\Program Files\Hewlett-Packard\HP Wireless Deluxe Desktop Combo\TSR\xDaemon.exe ()O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)O4 - HKLM..\Run: [backupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)O4 - HKLM..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)O4 - HKLM..\Run: [Malwarebytes' 
Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-2514862649-4236670434-3941293867-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-2514862649-4236670434-3941293867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKU\S-1-5-21-2514862649-4236670434-3941293867-1000\..Trusted Domains: localhost ([]http in Local intranet)O15 - HKU\S-1-5-21-2514862649-4236670434-3941293867-1000\..Trusted Ranges: GD ([http] in Local intranet)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CA92BFD-59FF-446F-887B-70B8A1DB7D8B}: DhcpNameServer = 192.168.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value 
foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\gopher - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/05/07 09:44:30 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\ange_t\Desktop\OTL.exe[2012/05/07 09:28:14 | 000,000,000 | ---D | C] -- C:\Windows\temp[2012/05/07 09:24:49 | 000,000,000 | ---D | C] -- 
C:\$RECYCLE.BIN[2012/05/07 07:52:15 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ange_t\Desktop\TDSSKiller.exe[2012/05/06 12:37:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2012/05/06 12:37:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2012/05/06 12:37:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2012/05/06 12:37:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2012/05/06 12:37:44 | 000,000,000 | ---D | C] -- C:\Qoobox[2012/05/06 12:35:34 | 004,485,787 | R--- | C] (Swearware) -- C:\Users\ange_t\Desktop\ComboFix.exe[2012/05/05 19:06:37 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ange_t\Desktop\dds.com[2012/05/05 16:57:27 | 000,000,000 | ---D | C] -- C:\Users\ange_t\AppData\Roaming\Malwarebytes[2012/05/05 16:57:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2012/05/05 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/05/05 16:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2012/05/05 16:57:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2012/05/05 16:46:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\ange_t\Desktop\HijackThis.exe[2012/05/02 16:54:15 | 000,000,000 | ---D | C] -- C:\Users\ange_t\AppData\Roaming\DailyMagic[2012/05/02 16:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DailyMagic[2012/04/15 11:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee[2012/04/15 11:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe[2012/04/15 11:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe[2012/04/15 11:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe[2012/04/13 05:22:16 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/04/10 19:28:45 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2012/04/10 19:28:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2012/04/10 19:28:44 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2012/04/10 19:28:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2012/04/10 19:28:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2012/04/10 19:28:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2012/04/10 19:28:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2012/04/10 19:28:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2012/04/10 19:28:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2012/04/10 19:28:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2012/04/10 19:28:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2012/04/10 19:28:36 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2012/04/10 19:28:36 | 003,968,368 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\ntkrnlpa.exe[2012/04/10 19:28:36 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2012/04/10 19:26:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll[2012/04/10 19:26:00 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys[2012/04/10 19:25:59 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2012/04/07 22:57:40 | 000,000,000 | ---D | C] -- C:\Users\ange_t\AppData\Local\{C7ABEC35-5843-40A8-90E0-494B0151A30D}[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/05/07 09:44:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ange_t\Desktop\OTL.exe[2012/05/07 09:37:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/05/07 09:37:55 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/05/07 09:35:12 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/05/07 09:35:12 | 000,628,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/05/07 09:35:12 | 000,108,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/05/07 09:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/05/07 09:30:28 | 463,364,095 | -HS- | M] () -- C:\hiberfil.sys[2012/05/07 09:24:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2012/05/07 09:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000UA.job[2012/05/07 07:50:51 | 002,055,783 | ---- | M] () -- C:\Users\ange_t\Desktop\tdsskiller.zip[2012/05/06 22:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2514862649-4236670434-3941293867-1000Core.job[2012/05/06 
12:35:32 | 004,485,787 | R--- | M] (Swearware) -- C:\Users\ange_t\Desktop\ComboFix.exe[2012/05/06 01:08:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat[2012/05/06 01:08:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat[2012/05/05 19:06:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ange_t\Desktop\dds.com[2012/05/05 16:57:20 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/05/05 16:46:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\ange_t\Desktop\HijackThis.exe[2012/05/05 16:29:31 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2012/05/05 16:29:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2012/05/05 16:28:02 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForange_t.job[2012/05/04 03:35:27 | 000,002,411 | ---- | M] () -- C:\Users\ange_t\Desktop\Google Chrome.lnk[2012/05/04 03:35:27 | 000,002,121 | ---- | M] () -- C:\Users\ange_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2012/05/02 16:52:20 | 000,001,326 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ange_t\Desktop\TDSSKiller.exe[2012/04/15 11:43:25 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2012/04/07 16:25:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForANGE_T-HP$.job[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]========== Files Created - No Company Name ==========[2012/05/07 07:50:55 | 002,055,783 | ---- | C] () -- C:\Users\ange_t\Desktop\tdsskiller.zip[2012/05/06 12:37:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2012/05/06 12:37:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2012/05/06 12:37:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2012/05/06 12:37:50 | 000,080,412 | 
---- | C] () -- C:\Windows\grep.exe[2012/05/06 12:37:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2012/05/05 16:57:20 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/05/02 16:52:20 | 000,001,326 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk[2012/04/15 11:43:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk[2012/04/15 11:43:25 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[2011/06/12 15:13:22 | 000,001,854 | ---- | C] () -- C:\Users\ange_t\AppData\Roaming\GhostObjGAFix.xml[2011/05/15 21:37:51 | 000,000,898 | ---- | C] () -- C:\Program Files (x86)\Windows Easy Transfer.lnk[2011/05/14 13:15:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL[2011/05/14 13:14:01 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll[2011/05/14 13:01:42 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI[2011/05/08 01:09:05 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat[2011/05/08 01:09:05 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat[2011/04/28 12:58:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/04/28 12:06:20 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll[2011/01/27 16:55:22 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/01/27 16:55:22 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL========== Alternate Data Streams ==========@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:639F0420@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:2CDA7452@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:AFC732F7@Alternate Data Stream - 244 bytes -> C:\ProgramData\Temp:ED2D63E4@Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:93F3E4C9@Alternate Data Stream - 233 bytes -> 
C:\ProgramData\Temp:C76CFF82@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:852F2262@Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:54380FEC@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:B6E6C4EA@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:D6D084A5@Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:A9223B61@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:737160C1@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:1B389835@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:85C3B823@Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:2BC498A4@Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:B3606FCC@Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:BD34FFC5@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:E91ADC66@Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:6F1F66C0@Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:72A1B66A@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:4673E9EA@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:260575F1@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E92B63EF@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:84C34762@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:319D783D@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:D5C2DDAE@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:B6E58523@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:6A9CA6CB@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:9C3AAD57@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DB4758C6@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AABECEFB@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:025DF3DE@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:2F70C0B4@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:754E278B@Alternate Data Stream - 143 bytes -> 
C:\ProgramData\Temp:9F38BF31@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:79875988@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:62AF94A0@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4A8EB1C4@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:05670151@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:FD11E093@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:F610C203@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E8B61305@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D026A5A4@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5E73E1C2@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:095AB0B3@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F56BE392@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C178954A@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:491270B8@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:207C4C79@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0785072C@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:FC70A22A@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:F5B51004@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:53EC0FE9@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:012BC84F@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5164A01F@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:14B2E0BD@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0BACBDD9@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A4E7D25F@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8B79243A@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:89CC3B44@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:884C7316@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:2D133896@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:D51F4BAE@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B6D84F71@Alternate Data Stream - 137 bytes -> 
C:\ProgramData\Temp:1234ADAE@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:F135A76C@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:BE0654D6@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:A4AF8D0D@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:22D489B6@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0ED1C542@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FB71A279@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:EE198B1F@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C37283B5@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:BD0A043E@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4AC7B5C1@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:ECF3C50F@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:6294B369@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1416AAA6@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:ED0B32CA@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:DC7EDF41@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:CBAF0C30@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:70BDB805@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:DBC3D477@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A6F30843@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4C31986D@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A53FFC56@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:943971F5@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:6ECE93A8@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2E636DD9@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2B40A7DB@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2AF322BF@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:04B1A0AC@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:65C4D44A@Alternate Data Stream - 130 bytes -> 
C:\ProgramData\Temp:65B8AF94@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4CD3F344@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:B4258C5D@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9FD757A9@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:038F4577@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FCBEDCFD@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D999FFD5@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BECA50FF@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:697DDE2B@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:12258D63@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:F5D01D7C@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A9562832@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:59465B40@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1B96CF22@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:FB4262DE@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:5133A494@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4244811A@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:02CC0035@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:F26F5952@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:7DC5D762@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:ED2998F5@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C78DADEA@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5A2E8BBF@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:553A851E@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:27974442@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:26499772@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CC6A54A8@Alternate Data Stream - 123 bytes -> 
C:\ProgramData\Temp:B3C7433B@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:76463A36@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:1E942FB9@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6A0A47E7@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:5E8C18F1@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:56FBA78D@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:EC3A9923@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:85376176@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:774C075A@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:474022C7@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:206470A5@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:E2CFA9CD@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:678C1866@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:20EB6823@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:DC0B1070@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BEF18713@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:A6D89509@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F33C37D5@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E6CDFB4A@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:89A5891E@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:6CF828C2@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4F8B72C9@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2979C892@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:DA5888A7@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:8C6D2EC3@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:E3615992@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:C3C72D5F@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:1604D047@Alternate Data Stream - 113 bytes -> 
C:\ProgramData\Temp:E0888117
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BCFEA004
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:3595B780
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:AD2DB2F9
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:45912F61
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:A3E39C6A

< End of report >
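The OTL log above shows two non-stock files, bingober10903658.xml and bingober1779300.xml, sitting next to the stock bing.xml and twitter.xml in C:\Program Files (x86)\mozilla firefox\searchplugins, plus hyperwords.xml and liquid-words.xml in the profile's own searchplugins folder. Firefox of this era loads every OpenSearch description file in those two directories as a search engine, so a file dropped there can add or shadow an engine without touching any extension. The script below is an added example written for this page, not code from the original post, from OTL or from any other tool in the log; it parses each plugin file, pulls out the ShortName and the text/html search URL, and flags files that are not in a stock list or whose name does not match the host the query is actually sent to. The stock file list, the sample plugin bodies and the redirector host search.redirector.invalid are all constructed for the demo and are assumptions, not data from the log.

```python
"""Added example (not from the log or the tools it lists): audit Firefox
search-plugin XML files for a hijacked search engine.

The audit walks a searchplugins directory, parses every OpenSearch/Firefox
plugin file, and reports files that are not stock or whose ShortName does
not match the host their text/html search URL points at.
"""
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption (not taken from the log): stock en-US plugin file names shipped
# with Firefox 10-12. Adjust for the build actually installed.
STOCK_PLUGINS = {"amazondotcom.xml", "bing.xml", "ebay.xml", "google.xml",
                 "twitter.xml", "wikipedia.xml", "yahoo.xml"}
OS_NS = {"os": "http://a9.com/-/spec/opensearch/1.1/"}


def parse_plugin(path):
    """Return (short_name, [search URLs]) for one OpenSearch/Firefox plugin file."""
    root = ET.parse(path).getroot()
    name_el = root.find("os:ShortName", OS_NS)
    name = (name_el.text or "").strip() if name_el is not None else ""
    urls = []
    for url_el in root.findall("os:Url", OS_NS):
        if url_el.get("type", "text/html") != "text/html":
            continue  # suggestion endpoints are not where the user lands
        template = url_el.get("template", "")
        # Firefox-style plugins carry the query string as <os:Param> children
        params = ["%s=%s" % (p.get("name", ""), p.get("value", ""))
                  for p in url_el.findall("os:Param", OS_NS)]
        urls.append(template + ("?" + "&".join(params) if params else ""))
    return name, urls


def audit_searchplugins(directory):
    """Return [(file name, reason)] for every plugin that looks suspicious."""
    findings = []
    for fname in sorted(os.listdir(directory)):
        if not fname.lower().endswith(".xml"):
            continue
        path = os.path.join(directory, fname)
        try:
            name, urls = parse_plugin(path)
        except ET.ParseError as exc:
            findings.append((fname, "unparseable XML: %s" % exc))
            continue
        hosts = sorted({(urlparse(u).hostname or "").lower() for u in urls})
        if fname.lower() not in STOCK_PLUGINS:
            findings.append((fname, "non-stock plugin file: %r -> %s"
                             % (name, ", ".join(hosts) or "no search URL")))
        # Cheap consistency check: a plugin calling itself "Bing" should send
        # the query to a host containing "bing". Catches the common case of a
        # stock-looking name fronting an affiliate redirector.
        claimed = name.lower().split()[0] if name.strip() else ""
        if claimed and hosts and not any(claimed in h for h in hosts):
            findings.append((fname, "ShortName %r but query goes to %s"
                             % (name, ", ".join(hosts))))
    return findings


def demo():
    """Audit a constructed searchplugins directory; returns the findings."""
    plugin = (
        '<SearchPlugin xmlns="http://www.mozilla.org/2006/browser/search/" '
        'xmlns:os="http://a9.com/-/spec/opensearch/1.1/">'
        "<os:ShortName>%s</os:ShortName>"
        '<os:Url type="text/html" method="GET" template="%s">'
        '<os:Param name="q" value="{searchTerms}"/></os:Url></SearchPlugin>'
    )
    tmp = tempfile.mkdtemp()
    try:
        samples = {
            "bing.xml": plugin % ("Bing", "http://www.bing.com/search"),
            "google.xml": plugin % ("Google", "http://www.google.com/search"),
            # Constructed hijacker: stock-looking name, hypothetical host.
            "bingober-sample.xml": plugin % ("Bing",
                                             "http://search.redirector.invalid/r"),
        }
        for fname, body in samples.items():
            with open(os.path.join(tmp, fname), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_searchplugins(tmp)
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    for fname, reason in demo():
        print("%s: %s" % (fname, reason))
```

Point audit_searchplugins at both the install-level and the profile-level searchplugins directory from the log; a real engine file can legitimately carry a partner code in its query string, so treat the ShortName/host mismatch as the stronger signal and the non-stock file name as the cue to open the file and read its template.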
seychelles82 Posted May 7, 2012 Author ID:549472

Extras log

OTL Extras logfile created on: 5/7/2012 9:50:23 AM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\ange_t\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.77 Gb Available Physical Memory | 63.80% Memory free
11.82 Gb Paging File | 9.53 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.70 Gb Total Space | 791.83 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 1.56 Gb Free Space | 12.27% Space Free | Partition Type: NTFS

Computer Name: ANGE_T-HP | User Name: ange_t | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2514862649-4236670434-3941293867-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD0439A-32BE-45D9-9A03-E1E6731414E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1342C5D7-5F48-4BF4-B911-C70DF9BE1634}" = lport=2869 | protocol=6 | dir=in | app=system |
"{15DE4F69-C372-4F1D-9479-9AE66B121342}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1E911A1B-5CB8-4B03-9DB1-2E309238EA88}" = lport=137 | protocol=17 | dir=in | app=system |
"{232BC11E-57F8-4161-8325-AD02467B5ECB}" = rport=2177 | protocol=6 | dir=out | svc=qwave 
| app=%systemroot%\system32\svchost.exe |"{25006926-5FA4-4536-B30C-59416D35BC37}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |"{25E644E7-7709-4D2E-9C99-EBA90808A976}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{332FC65F-8625-48DF-A0AA-15745939B8F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{43C109DE-10D5-4B6D-BB67-C6AD498F00D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |"{4598CA1E-AB9E-4A93-B82E-D2A214C23F04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{4A8C56E5-FD3E-45F0-9CB1-E46DD4FCC9B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{70ACC380-8E5E-4DD7-9F34-D56E3A6F9FBE}" = lport=10243 | protocol=6 | dir=in | app=system |"{7D898E8E-ECD3-45FB-8520-0488845BE521}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{83EEDFBE-DBEE-4C7E-9441-48184F77D6D5}" = lport=138 | protocol=17 | dir=in | app=system |"{8A3992B4-F3C8-47A0-8986-91C31D70C726}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{910073A7-E8F7-4183-BDD3-0CAC7628906E}" = lport=139 | protocol=6 | dir=in | app=system |"{910DDCF5-952F-4A4C-A060-2D20B552913E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |"{96EF1DB8-C627-4027-81F9-D97A1316C796}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{9C605D67-FFD7-42F0-8B2A-EB8F4B8F4691}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{B0F861A9-8025-49F7-ACD9-DFBF84A6BDBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{B2245307-9373-4AB8-AC6D-BD013E6DC47B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | 
app=%systemroot%\system32\svchost.exe |"{B69205FF-0832-4EB5-833E-33E07C44A303}" = rport=139 | protocol=6 | dir=out | app=system |"{BD503801-D446-487D-91AB-B34AC6464377}" = rport=137 | protocol=17 | dir=out | app=system |"{C8B10C30-4AA8-4E96-B367-2152FD17DB09}" = rport=445 | protocol=6 | dir=out | app=system |"{CCCD557B-56AB-4078-9B00-6F042F361C26}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |"{CED33EDA-EFD6-4F4B-BBC2-0D589D0382AE}" = rport=10243 | protocol=6 | dir=out | app=system |"{D1AF6D90-77F2-4770-B53C-A0215590399A}" = lport=445 | protocol=6 | dir=in | app=system |"{D9F8CD60-8301-406C-B427-51D60AC72EB2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{DACCB072-DCC5-4D23-9D26-DBD32183D69B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |"{DC6311DC-97D0-41D2-86D8-88ED116078C1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |"{E964D7B3-8D04-41DC-8DAD-E6992D39BC6C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{F4981083-E228-446C-94A6-3DBE4F8C2885}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{F70DEB6E-013B-44BD-A3FB-F309E408C38F}" = rport=138 | protocol=17 | dir=out | app=system |"{F8402A2B-C13D-4A89-B2C0-A062B8366156}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0240D6B3-2C4A-4A77-AEF4-7F015577AE4A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{067C9194-D0B5-4F03-9948-4DDDDBA0C722}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe 
|"{06D820B1-4EC3-4E80-8A69-03D8DE5F401B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{06DFD80D-8AAD-453A-BF66-F9D368F2289E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{0D11F0EF-D27C-473C-AEB7-3BA99820A9C2}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{0EBD02D8-2313-4EEE-9965-8C92C36F9F69}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{29C931CA-B7E5-4E0A-927B-9A71A7FD1171}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |"{2FF00C43-FD1A-4D98-A376-5E1EFA41DF32}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |"{3FAAD9D0-2B58-4B69-8C78-94004A2CE7D4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |"{42E04CF6-BABC-40DA-916C-06E05FBE2037}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{43BCE35A-F56E-4B81-B284-AA271090F077}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{4D796980-B46E-4C1F-B57A-0770E4E744A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{56B3B582-076E-4D49-B0AC-5513E1440437}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |"{72680A1A-7691-4B03-843C-AF8698098111}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{766DE5EF-4080-4644-8F59-B487797E585E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{7CEEA0FD-0BE7-4639-9A32-49F79125BB97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{7D45FA36-D850-4BEF-9D23-64909BC1E438}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{8836BBD7-7DE9-48C7-BADB-A23AA9A7B46A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{887658F0-0611-4753-BC97-AEE963CBAF08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft 
office\office14\onenote.exe |"{8AED2685-80C7-408E-BBE0-8F463C5C2C18}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |"{8B652BDC-576B-428C-A094-5E852B8029D8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |"{8FCE2E65-5174-4A7C-B8DC-24927521E37A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{92F76087-8670-4188-BC17-C447A2B1CC99}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{934B0EB7-04E1-4491-BD16-BD4AEEDF9CA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{94451723-B264-4B7B-B2AB-C49FA67BC3D4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |"{956885B7-70E5-4AE2-8E6D-2604064EB9F3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{9C43F73C-2A1F-4CD6-AAF3-D76042B098AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{A688E47F-3D55-49B3-992A-ED6CFFE711C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{A70A2A3A-D567-4EEF-AB40-ADB81EC6AF28}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{B7DEB100-E51D-4464-B4C8-0AF9AD0D9067}" = protocol=6 | dir=out | app=system |"{C78CC532-C6B7-4949-94CE-D656C9F8B959}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{CEE71F45-2A5A-4036-A4E3-92C6EAF642F6}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |"{E92027FF-07EB-452B-B3D9-3D68171B4C5D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |"{EB4865FB-0FEA-4A91-8DCB-DFF5FB52F05C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{EBC20EEB-4645-4346-AC77-9C2B5670D752}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{EC58650C-A739-4A8F-ABDF-BFAB175092A3}" = protocol=6 | dir=in | 
app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |"{F3F9B099-D993-4943-9EC5-2556AD5B7151}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{F59D7009-5581-421A-BD6D-BD23DA52329F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |"{F6AABAC0-CB07-462B-B675-9D129D309818}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"TCP Query User{0C02403E-C60A-4680-8773-65F57F742904}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |"TCP Query User{1E17EEA2-8624-468B-BB77-73EF0E289658}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |"TCP Query User{9865E0B6-23E7-4FBA-9EFA-42D87F94D7DD}C:\users\ange_t\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ange_t\appdata\roaming\spotify\spotify.exe |"TCP Query User{DF2C2165-BF0D-49EB-B3D6-605FA3860E0E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |"UDP Query User{69345036-A8A7-4D6F-BCB9-6EEDBE3E1115}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |"UDP Query User{7A990DB5-D38B-4F08-AC23-BB9BE7DFAF55}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |"UDP Query User{7B7E97EF-345C-4C40-A74A-B530C9B04E7E}C:\users\ange_t\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ange_t\appdata\roaming\spotify\spotify.exe |"UDP Query User{BD7AC362-8A3C-4714-BA0A-B044ED70A1B9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics"{DA54F80E-261C-41A2-A855-549A144F2F59}" = 
Windows Live MIME IFilter"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"WinRAR archiver" = WinRAR 4.01 (64-bit)[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery 
Manager"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 
2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = 
Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD"{B6264E4A-3233-46BB-A0D3-B2968AEF11F2}" = HP Wireless Deluxe Desktop Combo"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! 
PageManager 7.15.14"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX"Adobe AIR" = Adobe AIR"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus"BFGC" = Big Fish Games: Game Manager"BFG-Dark Parables - The Exiled Prince" = Dark Parables: The Exiled Prince"BFG-Fairway" = Fairway™"BFG-Fairway Solitaire" = Fairway Solitaire"BFG-Haunted Legends - The Bronze Horseman" = Haunted Legends: The Bronze Horseman"BFG-Hidden Mysteries - Civil War" = Hidden Mysteries ®: Civil War"BFG-Maestro - Music of Death Collector's Edition" = Maestro: Music of Death Collector's Edition"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity ™"BFG-Midnight Mysteries - Devil on the Mississippi Collector's Edition" = Midnight 
Mysteries: Devil on the Mississippi Collector's Edition"BFG-Midnight Mysteries - Salem Witch Trials" = Midnight Mysteries: Salem Witch Trials"BFG-Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ®"BFG-PuppetShow - Lost Town Collector's Edition" = PuppetShow: Lost Town Collector's Edition"BFG-PuppetShow - Mystery of Joyville" = PuppetShow: Mystery of Joyville ™"BFG-Redrum" = Redrum ™"BFG-Shades of Death - Royal Blood" = Shades of Death: Royal Blood"BFG-Shadow Wolf Mysteries - Curse of the Full Moon" = Shadow Wolf Mysteries: Curse of the Full Moon"BFG-The Fool" = The Fool"BFG-Timeless - The Forgotten Town" = Timeless: The Forgotten Town"CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide"CameraWindowDC8" = Canon Utilities CameraWindow DC 8"CameraWindowLauncher" = Canon Utilities CameraWindow"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX"Canon MOV Decoder" = Canon MOV Decoder"Canon MOV Encoder" = Canon MOV Encoder"Canon MP530 User Registration" = Canon MP530 User Registration"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint"HMIP50_is1" = Hide My IP 5.3"HP Remote Solution" = HP Remote Solution"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = 
LabelPrint"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video"Kobo" = Kobo"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)"MP Navigator 2.2" = Canon MP Navigator 2.2"MyCamera" = Canon Utilities MyCamera"Office14.SingleImage" = Microsoft Office Home and Student 2010"PDF Complete" = PDF Complete Special Edition"Personal Printing Guide" = Canon Personal Printing Guide"PhotoStitch" = Canon Utilities PhotoStitch"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide"Spotify" = Spotify"VLC media player" = VLC media player 1.1.11"WildTangent hp Master Uninstall" = HP Games"WildTangent wildgames Master Uninstall" = WildTangent Games"WinLiveSuite" = Windows Live Essentials"WT087328" = Blackhawk Striker 2"WT087330" = Bounce Symphony"WT087335" = Build-a-lot 2"WT087343" = Dora's World Adventure"WT087360" = Escape Rosecliff Island"WT087361" = FATE"WT087362" = Final Drive Nitro"WT087372" = Heroes of Hellas 2 - Olympia"WT087379" = Jewel Quest Solitaire 2"WT087394" = Penguins!"WT087395" = Poker Superstars III"WT087396" = Polar Bowler"WT087397" = Polar Golfer"WT087414" = Virtual Families"WT087415" = Wheel of Fortune 2"WT087428" = Bejeweled 2 Deluxe"WT087453" = Chuzzle Deluxe"WT087501" = Plants vs. 
Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Yahoo! Software Update" = Yahoo! Software Update
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2514862649-4236670434-3941293867-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
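A note added here, not part of the thread: the "Shell Spawning" section of the Extras log above is where an analyst checks for hijacked file-type handlers, because rogue-AV families commonly rewrite the exefile/batfile/cmdfile open commands so that their own binary runs before every program the user launches. In the posted log every such handler is the stock one (`"%1" %*`, and `"%1" /S` for screensavers). The script below is my own, not OTL's, and parses those log lines to flag any handler that deviates from the Windows 7 defaults. The sample input is constructed: its exefile line is a deliberate hijack of the kind described, not something taken from this machine.

```python
"""Audit the "Shell Spawning" section of an OTL Extras log for hijacked file-type handlers.

Added example; not code from the thread or from OTL. The sample input is constructed.
"""
import re
from typing import Dict, List, Tuple

# One entry per line:  <class> [<verb>] -- <command> (<company>)   (company part optional)
ENTRY_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*?)(?: \(([^()]*)\))?$')

# Stock Windows 7 handlers for the types malware most often hijacks.
# Assumption: this table is mine; it matches the defaults the posted log shows.
EXPECTED: Dict[Tuple[str, str], str] = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Constructed sample (not the posted log): the exefile entry is a deliberately
# hijacked handler that would run hijack.exe in front of every program launched.
SAMPLE_SHELL_SPAWNING = r"""
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\hijack.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
"""


def parse_shell_spawning(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (class, verb, command, company) for every parsable entry, in log order."""
    entries: List[Tuple[str, str, str, str]] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            cls, verb, cmd, company = m.groups()
            entries.append((cls, verb, cmd, company or ""))
    return entries


def audit_shell_spawning(text: str) -> List[Tuple[str, str, str]]:
    """Return (class, verb, actual_command) for each handler that differs from EXPECTED."""
    bad: List[Tuple[str, str, str]] = []
    for cls, verb, cmd, _company in parse_shell_spawning(text):
        want = EXPECTED.get((cls, verb))
        if want is not None and cmd != want:
            bad.append((cls, verb, cmd))
    return bad


if __name__ == "__main__":
    for cls, verb, cmd in audit_shell_spawning(SAMPLE_SHELL_SPAWNING):
        print(f"HIJACKED {cls} [{verb}]: {cmd}")
```

On a live machine the same check is `reg query HKCR\exefile\shell\open\command` (and the other classes in the table), which should print `"%1" %*`; anything else, in particular a path under a user profile or ProgramData, is what the script flags.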
Elise Posted May 7, 2012 ID:549476

I see no malware here, and the only line that could cause Firefox to use Bing instead of Google is the following. Please test after running the following fix.

OTL FIX
------------
We need to run an OTL Fix.

Please reopen OTL on your desktop.
Copy and paste the following code into the textbox:

:otl
FF - prefs.js..browser.search.defaultenginename: "bing"
:commands
[emptytemp]

Push the Run Fix button. OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and paste that report in your next reply.
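An added example, not code from the thread, from OTL or from Mozilla: the OTL fix above removes one `user_pref` line from the profile's prefs.js, the file Firefox uses to store changed preferences. The script below does the same job by hand for a prefs.js on disk: it parses the `user_pref("name", value);` lines, reports the search-related preferences that look tampered, and strips them so Firefox falls back to its defaults. The sample prefs.js is constructed; its "bing" line mirrors the one the fix removed. The `keyword.URL` and `keyword.enabled` checks are my addition: in Firefox of that era those two preferences governed what the address bar does with a bare word, and the thread does not say whether they were involved in the address-bar symptom reported later.

```python
"""Audit a Firefox prefs.js for search hijacking and strip the offending user_pref lines.

Added example, not code from the thread, from OTL or from Mozilla. Run it only while
Firefox is closed: Firefox rewrites prefs.js on exit and would undo the edit otherwise.
"""
import re
from typing import Dict, List, Tuple

# A prefs.js entry looks like:  user_pref("browser.search.defaultenginename", "bing");
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Engine name the thread treats as the wanted default (compared case-insensitively).
EXPECTED_ENGINE = "google"

# Constructed sample prefs.js (not the poster's file). The "bing" line mirrors the one
# OTL removed in the thread; keyword.URL / keyword.enabled are my additions, because
# they governed address-bar searches in Firefox of that era.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1336000000);
user_pref("browser.search.defaultenginename", "bing");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://search.invalid/?q=");
user_pref("keyword.enabled", false);
user_pref("network.cookie.prefsMigrated", true);
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref name -> value; string values lose their surrounding quotes."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def find_hijacks(prefs: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (pref, value, reason) for every search-related pref that looks tampered."""
    findings: List[Tuple[str, str, str]] = []
    for name in ("browser.search.defaultenginename", "browser.search.selectedEngine"):
        val = prefs.get(name)
        if val is not None and val.lower() != EXPECTED_ENGINE:
            findings.append((name, val, "default search engine is not the expected one"))
    if "keyword.URL" in prefs:
        # Firefox normally leaves this unset; a hard-coded URL sends every address-bar
        # search to that site regardless of the engine chosen in the search box.
        findings.append(("keyword.URL", prefs["keyword.URL"], "address-bar search forced to a fixed URL"))
    if prefs.get("keyword.enabled") == "false":
        # With keyword search off, a bare word is treated as a host name, not a query.
        findings.append(("keyword.enabled", "false", "address-bar keyword search disabled"))
    return findings


def strip_prefs(text: str, names) -> Tuple[str, List[str]]:
    """Drop the user_pref lines named in `names`; Firefox then falls back to its defaults."""
    wanted = set(names)
    kept: List[str] = []
    removed: List[str] = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1) in wanted:
            removed.append(m.group(1))
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


def clean_sample():
    """Audit and clean the embedded sample; returns (findings, cleaned_text, removed)."""
    findings = find_hijacks(parse_prefs(SAMPLE_PREFS_JS))
    cleaned, removed = strip_prefs(SAMPLE_PREFS_JS, [f[0] for f in findings])
    return findings, cleaned, removed


if __name__ == "__main__":
    findings, cleaned, removed = clean_sample()
    for name, val, why in findings:
        print(f"{name} = {val!r}: {why}")
    print("removed:", ", ".join(removed))
```

To use it on a real profile, read prefs.js into `text`, call `strip_prefs(text, [f[0] for f in find_hijacks(parse_prefs(text))])`, and write the first return value back, with Firefox closed. Removing a line rather than editing it is deliberate: a missing `user_pref` means "use the built-in default", which is the same end state the OTL fix produced.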
seychelles82 Posted May 7, 2012 Author ID:549497

Good news, Bing no longer defaults. But I now can't search in the Firefox address bar, it'll take me to a website for whatever word I'm searching for. Is there any way to fix that? Thanks again!

New OTL log:

All processes killed
========== OTL ==========
Prefs.js: "bing" removed from browser.search.defaultenginename
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ange_t
->Temp folder emptied: 1164 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 14719536 bytes
->Google Chrome cache emptied: 16301066 bytes
->Flash cache emptied: 775 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ron
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30.00 mb

OTL by OldTimer - Version 3.2.42.3 log created on 05072012_112953

Files\Folders moved on Reboot...
C:\Users\ange_t\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Elise Posted May 7, 2012 ID:549513

Try to reset it in Firefox's options (make Google the default search engine).

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threads".
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats.
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
seychelles82 Posted May 7, 2012 Author ID:549574

Okay, I was able to reset my browser to Google. Again, thanks so much! Here is the ESET scan report:

C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\ProTech\$Recycle.Bin\S-1-5-21-163032249-342608523-1316385479-1000\$RW717FC.exe Win32/OpenCandy application deleted - quarantined
Elise Posted May 8, 2012 ID:549663

Glad to hear that!

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
- Delete the tools used during the disinfection: Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:
- Install and update the following programs regularly:
  - an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall. A comprehensive tutorial and a list of possible firewalls can be found here.
  - an AntiVirus Software. It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
  - an Anti-Spyware program. Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates. SUPERAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  - Spyware Blaster. A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
- Keep Windows (and your other Microsoft software) up to date! I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer. Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
- Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
- Stay up to date! The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:
- Miekies' prevention suggestions
- So How did I get infected?
- Microsoft - 'Security at home'
- Calendar of Updates: See which updates have been released.
- How to backup your Data with Cobian Backup: because you never know when your harddisk might fail :wink:
- Commonly Used Freeware Replacements: a nice list of freeware programs in all categories, that are regarded as useful by the users of this forum.
- osalt: Find (free) open source alternatives to known commercial software.

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
seychelles82 Posted May 8, 2012 Author ID:549727

Thanks, and just one last question - I'm assuming the opencandy.exe was some type of malware? Thanks again!
Elise Posted May 8, 2012 ID:549735

You are most welcome. OpenCandy is an advertising component that comes with many freeware/shareware applications. It's pretty harmless but is usually detected by ESET.

If you have no other questions I will request this topic to be closed.
Maurice Naggar Posted May 8, 2012 ID:549754

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!