Dylanjunk Posted September 3, 2012 ID:593220 Share Posted September 3, 2012 well my brother was downloading some stuff and when i got on i discovered he had gotten a virus. i know one is the whitesmoke toolbar and search... there is another that when ever i end internet explorer in the task manager it makes the desktop icons disappear. also the JAVA is wanting to update but no longer from java but a different company i cant remember the name of. so please help!dds.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1Run by Jack_xmas at 15:21:43 on 2012-09-03Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.488 [GMT -5:00].AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Windows\Explorer.EXEC:\Windows\system32\Dwm.exeC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files (x86)\Java\jre7\bin\javaw.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exeC:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://search.babylon.com/?affID=113959&tt=201208_mnt_n_3412_4&babsrc=HP_ss&mntrId=4afc20730000000000009439e52cdd9buURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exeBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce: [Playbryte Data Uninstall] cmd /C rd /Q /S "C:\Users\Jack_xmas\AppData\LocalLow\Playbryte"mRunOnce: [Playbryte Progam Files Data Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\Playbryte"StartupFolder: C:\Users\Jack_xmas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuneScapeQuickLoader.jarmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{7495D5AB-F08A-4DD7-B8B0-86E1FB9CDB14} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{DE1064D6-CCFE-41A2-9BD6-730336B0D3B7} : DhcpNameServer = 192.168.2.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO-X64: BHO_PROJECT - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO-X64: DefaultTabBHO - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRunOnce-x64: [Playbryte Data Uninstall] cmd /C rd /Q /S "C:\Users\Jack_xmas\AppData\LocalLow\Playbryte"mRunOnce-x64: [Playbryte Progam Files Data Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\Playbryte"IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2011-9-1 1143416]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2011-9-1 488056]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-1 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-1 1817088]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-30 138760]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-2 250568]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-09-02 20:53:40 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{22931EF8-406C-45BC-8ED1-2690EDECF24F}\mpengine.dll2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-09-02 20:19:00 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-08-27 01:26:17 -------- d-----w- C:\Program Files (x86)\Playbryte2012-08-27 01:25:26 -------- d-----w- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 1008152012-08-27 01:24:40 -------- d-----w- C:\ProgramData\Tarma Installer2012-08-27 01:23:57 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CRE2012-08-27 01:22:02 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CrashDumps2012-08-27 01:16:35 -------- d-----w- C:\extensions2012-08-27 01:16:07 -------- d-----w- C:\Program Files (x86)\OApps2012-08-27 01:15:22 -------- d-----w- C:\Users\Jack_xmas\AppData\Roaming\Babylon2012-08-27 01:15:22 -------- d-----w- C:\ProgramData\Babylon.==================== Find3M ====================.2012-09-02 20:19:00 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-06 03:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll.============= FINISH: 15:23:04.85 ===============attach.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 11/25/2011 4:15:16 PMSystem Uptime: 9/2/2012 10:01:07 PM (17 hours ago).Motherboard: Hewlett-Packard | | 3577Processor: AMD C-50 Processor | Socket FT1 | 800/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 214 GiB total, 179.378 GiB free.D: is FIXED (NTFS) - 15 GiB total, 1.624 GiB free.E: is FIXED (FAT32) - 4 GiB total, 1.084 GiB free.F: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP3: 11/30/2011 6:16:17 PM - Installed Light-O-Rama.RP4: 12/11/2011 10:43:55 AM - Scheduled CheckpointRP5: 12/19/2011 12:00:03 AM - Scheduled CheckpointRP6: 12/27/2011 - Scheduled CheckpointRP7: 7/14/2012 10:34:14 PM - Installed Java 7 Update 5RP8: 7/14/2012 10:35:36 PM - Installed JavaFX 2.1.1RP9: 7/14/2012 11:26:37 PM - Windows UpdateRP10: 7/14/2012 11:43:57 PM - Windows UpdateRP11: 7/15/2012 3:00:11 AM - Windows UpdateRP12: 7/15/2012 2:05:34 PM - Windows UpdateRP13: 7/16/2012 8:10:04 AM - Windows UpdateRP14: 8/26/2012 8:22:39 PM - Windows UpdateRP15: 9/2/2012 3:22:56 PM - Windows UpdateRP16: 9/3/2012 9:51:00 AM - Removed BabylonObjectInstallerRP17: 9/3/2012 9:55:45 AM - Removed BabylonObjectInstallerRP18: 9/3/2012 9:56:35 AM - Removed BabylonObjectInstallerRP19: 9/3/2012 10:02:13 AM - Removed BabylonObjectInstaller.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Reader X MUIAdobe Shockwave Player 11.5Agatha Christie - Peril at End HouseAMD VISION Engine Control CenterBabylonObjectInstallerBejeweled 3Bing BarBlackhawk Striker 2Blasterball 3BlioBounce SymphonyCake ManiaCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChronicles of AlbianChuzzle DeluxeCompaq Setup ManagerCradle of Rome 2CyberLink YouCamD3DX10ESU for Microsoft Windows 7 SP1Evernote v. 4.2.3Farm FrenzyFATEGoogle ChromeGoogle Update HelperGovernor of Poker 2 Premium EditionHewlett-Packard ACLM.NET v1.1.1.0HP Customer Experience EnhancementsHP DocumentationHP GamesHP MovieStoreHP On Screen DisplayHP Power ManagerHP Quick LaunchHP QuickWebHP SetupHP Software FrameworkHP Support AssistantJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1Jewel Quest: The Sleepless Star - Collector's EditionJunk Mail filter updateLight-O-RamaMah Jong MedleyMesh RuntimeMicrosoft Office 2010Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft WSE 3.0 RuntimeMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mystery of Mortlake MansionNamco All-Stars: PAC-MANNorton Internet SecurityPenguins!Plants vs. Zombies - Game of the YearPlayReady PC Runtime x86Poker Superstars IIIPolar BowlerPolar GolferRalink RT5390 802.11b/g/n WiFi AdapterRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek PCIE Card ReaderRecovery ManagerRoxioNow PlayerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Slingo SupremeUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update Installer for WildTangent Games AppVacation Quest - The Hawaiian IslandsVirtual Villagers 5 - New BelieversWildTangent Games App (HP Games)Windows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma Deluxe.==== Event Viewer Messages From Past Week ========.9/2/2012 10:02:17 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted September 4, 2012 ID:593393 Share Posted September 4, 2012 Hello Dylanjunk and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Step 1Please download AdwCleaner from here and save it on your Desktop. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Step 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 3Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:AdwCleaner logMalwarebytes' Anti-Malware logaswMBR loga new fresh DDS log Link to post Share on other sites More sharing options...
Dylanjunk Posted September 4, 2012 Author ID:593591 Share Posted September 4, 2012 .DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1Run by Jack_xmas at 18:35:21 on 2012-09-04Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.600 [GMT -5:00].AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Java\jre7\bin\javaw.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exeC:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://search.babylon.com/?affID=113959&tt=201208_mnt_n_3412_4&babsrc=HP_ss&mntrId=4afc20730000000000009439e52cdd9buURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Jack_xmas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuneScapeQuickLoader.jarmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{7495D5AB-F08A-4DD7-B8B0-86E1FB9CDB14} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{DE1064D6-CCFE-41A2-9BD6-730336B0D3B7} : DhcpNameServer = 192.168.2.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO-X64: BHO_PROJECT - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO-X64: DefaultTabBHO - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllTB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2011-9-1 1143416]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2011-9-1 488056]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-1 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-1 1817088]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-30 138760]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-2 250568]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-09-04 21:19:38 -------- d-----w- C:\Users\Jack_xmas\AppData\Roaming\Malwarebytes2012-09-04 21:19:16 -------- d-----w- C:\ProgramData\Malwarebytes2012-09-04 21:19:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-09-04 21:19:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-09-04 21:18:04 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C36DE50-A683-44F7-86DF-AF37E2482651}\mpengine.dll2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-09-02 20:19:00 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-08-27 01:25:26 -------- d-----w- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 1008152012-08-27 01:24:40 -------- d-----w- C:\ProgramData\Tarma Installer2012-08-27 01:23:57 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CRE2012-08-27 01:22:02 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CrashDumps2012-08-27 01:16:35 -------- d-----w- C:\extensions2012-08-27 01:16:07 -------- d-----w- C:\Program Files (x86)\OApps2012-08-27 01:15:22 -------- d-----w- C:\Users\Jack_xmas\AppData\Roaming\Babylon2012-08-27 01:15:22 -------- d-----w- C:\ProgramData\Babylon.==================== Find3M ====================.2012-09-02 20:19:00 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-06 03:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe.============= FINISH: 18:37:16.32 ===============Malwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.09.04.10Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Jack_xmas :: JACK_XMAS-HP [administrator]9/4/2012 4:21:12 PMmbam-log-2012-09-04 (16-21-12).txtScan type: Full scan (C:\|D:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 297055Time elapsed: 47 minute(s), 21 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 1HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Users\Jack_xmas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMU0WYGX\slender_setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.C:\Users\Jack_xmas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V4S2W31H\vfd-adk[1] (Rootkit.Agent) -> Quarantined and deleted successfully.(end)aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-09-04 17:11:15-----------------------------17:11:15.090 OS Version: Windows x64 6.1.7601 Service Pack 117:11:15.091 Number of processors: 2 586 0x10017:11:15.094 ComputerName: JACK_XMAS-HP UserName: Jack_xmas17:11:18.129 Initialize success17:11:26.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a17:11:26.224 Disk 0 Vendor: Hitachi_ ESBO Size: 238475MB BusType: 1117:11:26.255 Disk 0 MBR read successfully17:11:26.271 Disk 0 MBR scan17:11:26.271 Disk 0 Windows 7 default MBR code17:11:26.286 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 204817:11:26.318 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 219245 MB offset 40960017:11:26.349 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14966 MB offset 44942336017:11:26.380 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 48007372817:11:26.411 Disk 0 scanning C:\Windows\system32\drivers17:11:34.738 Service scanning17:12:00.572 Modules scanning17:12:00.588 Disk 0 trace - called modules:17:12:00.666 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys 17:12:01.110 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002507060]17:12:01.130 3 CLASSPNP.SYS[fffff88001bb243f] -> nt!IofCallDriver -> [0xfffffa80023f28c0]17:12:01.151 5 amd_xata.sys[fffff88001067a1d] -> nt!IofCallDriver -> [0xfffffa8001419c20]17:12:01.166 7 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa80023ed060]17:12:01.183 Scan finished successfully17:12:12.323 Disk 0 MBR has been saved successfully to "C:\Users\Jack_xmas\Desktop\MBR.dat"17:12:12.341 The log file has been saved successfully to "C:\Users\Jack_xmas\Desktop\aswMBR.txt"# AdwCleaner v2.000 - Logfile created 09/04/2012 at 16:16:16# Updated 30/08/2012 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jack_xmas - JACK_XMAS-HP# Boot Mode : Normal# Running from : C:\Users\Jack_xmas\Downloads\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****File Found : C:\user.jsFolder Found : C:\ProgramData\BabylonFolder Found : C:\ProgramData\Tarma InstallerFolder Found : C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejifFolder Found : C:\Users\Jack_xmas\AppData\LocalLow\BabylonToolbarFolder Found : C:\Users\Jack_xmas\AppData\LocalLow\ConduitFolder Found : C:\Users\Jack_xmas\AppData\Roaming\BabylonFolder Found : C:\Users\Jack_xmas\Documents\ShopToWin***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\FreecauseKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Default TabKey Found : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejifKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKLM\Software\BabylonKey Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Found : HKLM\Software\Default TabKey Found : HKLM\Software\DefaultTabKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcbKey Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejifKey Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedlKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKU\S-1-5-21-112536004-2524165583-180252259-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Found : HKU\S-1-5-21-112536004-2524165583-180252259-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=113959&tt=201208_mnt_n_3412_4&babsrc=HP_ss&mntrId=4afc20730000000000009439e52cdd9b-\\ Google Chrome v [unable to get version]File : C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\PreferencesFound [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",Found [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]Found [l.39] : icon_url = "hxxp://search.conduit.com/fav.ico",Found [l.42] : keyword = "search.conduit.com",Found [l.45] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149",Found [l.46] : suggest_url = "hxxp://search.conduit.com/"Found [l.1332] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",Found [l.1489] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]*************************AdwCleaner[R1].txt - [3910 octets] - [04/09/2012 16:16:16]########## EOF - C:\AdwCleaner[R1].txt - [3970 octets] ##########the java virus and the whitesmoke are still there. the java virus is from the company oracle america.. if that helps at all. Link to post Share on other sites More sharing options...
Maniac Posted September 5, 2012 ID:593718 Share Posted September 5, 2012 the java virus is from the company oracle america.. if that helps at all. Yes, it helped to establish that this is the original Java software (from Oracle), but is old version so I will take care for it.Step 1Please re-run AdwCleanerClick on Delete button.Confirm each time with OK.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Step 2 Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.Upgrading Java :Please download JavaRa to your desktop and unzip it to its own folderRun JavaRa.exe, then click Remove JRE.Run the built-in uninstallers for all copies of java listedClick the Next buttonClick the Next button againClick the Java Manual Download linkA browser window will open with the Java download pageClick the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)Run the installerClose JavaRaStep 3Download TFC to your desktopOpen the file and close any other windows.It will close all programs itself when run, make sure to let it run uninterrupted.Click the Start button to begin the process. The program should not take long to finish its jobOnce its finished it should reboot your machine, if not, do this yourself to ensure a complete cleanIn your next reply, post the following log files:AdwCleaner logJavaRa loga new fresh DDS log Link to post Share on other sites More sharing options...
Dylanjunk Posted September 7, 2012 Author ID:594278 Share Posted September 7, 2012 the javara log wont save or open. even when i tell it to make a new file it still wont. white smoke is gone now and it is running much smoother the TFC cleared 681 MB which surprises me.# AdwCleaner v2.000 - Logfile created 09/06/2012 at 19:36:32# Updated 30/08/2012 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Jack_xmas - JACK_XMAS-HP# Boot Mode : Normal# Running from : C:\Users\Jack_xmas\Downloads\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****File Deleted : C:\user.jsFolder Deleted : C:\ProgramData\BabylonFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejifFolder Deleted : C:\Users\Jack_xmas\AppData\LocalLow\BabylonToolbarFolder Deleted : C:\Users\Jack_xmas\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Jack_xmas\AppData\Roaming\BabylonFolder Deleted : C:\Users\Jack_xmas\Documents\ShopToWin***** [Registry] *****Key Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\FreecauseKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Default TabKey Deleted : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejifKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45ea-9B2F-F3E9F02692BD}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\Software\BabylonKey Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}Key Deleted : HKLM\Software\Default TabKey Deleted : HKLM\Software\DefaultTabKey Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcbKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejifKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}Key Deleted : HKLM\SOFTWARE\Tarma Installer***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16421Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=113959&tt=201208_mnt_n_3412_4&babsrc=HP_ss&mntrId=4afc20730000000000009439e52cdd9b --> hxxp://www.google.com-\\ Google Chrome v [unable to get version]File : C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\PreferencesDeleted [l.11] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]Deleted [l.39] : icon_url = "hxxp://search.conduit.com/fav.ico",Deleted [l.42] : keyword = "search.conduit.com",Deleted [l.45] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149",Deleted [l.46] : suggest_url = "hxxp://search.conduit.com/"Deleted [l.1332] : homepage = "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48",Deleted [l.1489] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]*************************AdwCleaner[R1].txt - [4031 octets] - [04/09/2012 16:16:16]AdwCleaner[s1].txt - [4138 octets] - [06/09/2012 19:36:32]########## EOF - C:\AdwCleaner[s1].txt - [4198 octets] ##########.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Jack_xmas at 20:27:58 on 2012-09-06Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1643.741 [GMT -5:00].AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\Realtek\Audio\HDA\AERTSr64.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exeC:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exeC:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\msiexec.exeC:\Windows\System32\svchost.exe -k swprvC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.comuURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exe,BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeStartupFolder: C:\Users\Jack_xmas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuneScapeQuickLoader.jarmPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{7495D5AB-F08A-4DD7-B8B0-86E1FB9CDB14} : DhcpNameServer = 192.168.1.1TCP: Interfaces\{DE1064D6-CCFE-41A2-9BD6-730336B0D3B7} : DhcpNameServer = 192.168.2.1Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllBHO-X64: Norton Identity Protection - No FileBHO-X64: {625F420E-A4A9-4B40-BC23-716C1C43893A} - No FileBHO-X64: BHO_PROJECT - No FileBHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLLBHO-X64: Norton Vulnerability Protection - No FileBHO-X64: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO-X64: DefaultTabBHO - No FileBHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dllTB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeIE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [?]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [?]R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2011-9-1 1143416]R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [?]R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2011-9-1 488056]R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [?]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-1 98208]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-6-16 103992]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-1 1817088]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe [2011-11-30 138760]R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-2 250568]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-15 136176]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2012-09-07 01:23:54 916456 ----a-w- C:\Windows\System32\deployJava1.dll2012-09-07 01:23:54 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll2012-09-07 01:23:35 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2012-09-07 00:42:54 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94DAA34A-0730-43EF-AEC7-4E6678898292}\mpengine.dll2012-09-04 21:19:38 -------- d-----w- C:\Users\Jack_xmas\AppData\Roaming\Malwarebytes2012-09-04 21:19:16 -------- d-----w- C:\ProgramData\Malwarebytes2012-09-04 21:19:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-09-04 21:19:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-09-02 20:38:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-09-02 20:19:00 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-08-27 01:25:26 -------- d-----w- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 1008152012-08-27 01:23:57 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CRE2012-08-27 01:22:02 -------- d-----w- C:\Users\Jack_xmas\AppData\Local\CrashDumps2012-08-27 01:16:35 -------- d-----w- C:\extensions2012-08-27 01:16:07 -------- d-----w- C:\Program Files (x86)\OApps.==================== Find3M ====================.2012-09-07 00:54:19 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-09-07 00:54:19 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-09-02 20:19:00 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe.============= FINISH: 20:29:29.74 =============== Link to post Share on other sites More sharing options...
Maniac Posted September 7, 2012 ID:594545 Share Posted September 7, 2012 Good to know that, but still there are some unwanted toolbars.Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
Dylanjunk Posted September 7, 2012 Author ID:594565 Share Posted September 7, 2012 OTL logfile created on: 9/7/2012 4:25:32 PM - Run 1OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Jack_xmas\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1.60 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 47.48% Memory free3.21 Gb Paging File | 1.99 Gb Available in Paging File | 62.11% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 214.11 Gb Total Space | 179.23 Gb Free Space | 83.71% Space Free | Partition Type: NTFSDrive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFSDrive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32Computer Name: JACK_XMAS-HP | User Name: Jack_xmas | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/09/07 16:24:38 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Jack_xmas\Downloads\OTL.exePRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exePRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exePRC - [2011/06/16 19:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exePRC - [2011/06/15 19:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exePRC - [2011/06/14 16:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exePRC - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exePRC - [2011/06/13 18:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exePRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXEPRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exePRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe========== Modules (No Company Name) ==========MOD - [2012/07/16 11:55:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dllMOD - [2012/07/16 11:48:44 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dllMOD - [2012/07/16 11:48:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dllMOD - [2011/08/08 23:45:11 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll========== Services (SafeList) ==========SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)SRV:64bit: - [2011/07/06 02:08:26 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2011/07/05 13:27:04 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2012/09/02 15:19:01 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)SRV - [2011/06/21 17:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)SRV - [2011/06/16 19:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)SRV - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/09/26 19:38:11 | 001,084,024 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symefa64.sys -- (SymEFA)DRV:64bit: - [2011/09/01 21:35:58 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2011/08/08 23:00:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/08/08 23:00:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/08/08 18:38:05 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2011/08/02 21:22:10 | 000,729,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtsp64.sys -- (SRTSP)DRV:64bit: - [2011/08/02 21:22:10 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2011/07/25 21:18:39 | 000,401,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symnets.sys -- (SymNetS)DRV:64bit: - [2011/07/25 21:15:52 | 000,189,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\ironx64.sys -- (SymIRON)DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)DRV:64bit: - [2011/07/06 02:50:28 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2011/07/06 01:32:20 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/06/09 21:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/05/16 15:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1302000.00A\symds64.sys -- (SymDS)DRV:64bit: - [2011/04/19 13:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)DRV:64bit: - [2011/04/16 05:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)DRV:64bit: - [2011/04/16 05:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)DRV:64bit: - [2011/03/18 14:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)DRV:64bit: - [2011/03/18 14:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)DRV:64bit: - [2011/03/05 02:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)DRV:64bit: - [2010/11/29 19:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2011/05/18 20:00:00 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\EX64.SYS -- (NAVEX15)DRV - [2011/05/18 20:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20110519.002\ENG64.SYS -- (NAVENG)DRV - [2011/05/13 11:51:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys -- (IDSVia64)DRV - [2011/05/13 11:50:48 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys -- (BHDrvx64)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{3B16AFAC-00F8-41B3-99CA-AFD91DF9A317}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDFIE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{3B16AFAC-00F8-41B3-99CA-AFD91DF9A317}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDFIE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\URLSearchHook: - No CLSID value foundIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBoxIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{36F20B29-151A-438B-84B5-9A88BFFC7133}: "URL" = http://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{3B16AFAC-00F8-41B3-99CA-AFD91DF9A317}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDFIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}IE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2011/12/12 10:14:07 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2012/09/06 20:06:09 | 000,000,000 | ---D | M][2012/08/26 20:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions========== Chrome ==========CHR - default_search_provider: Conduit (Enabled)CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149'>http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149CHR - default_search_provider: suggest_url = http://search.conduit.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dllCHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dllCHR - plugin: Norton Confidential (Enabled) = C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllCHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - Extension: Norton Identity Protection = C:\Users\Jack_xmas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)O2 - BHO: (no name) - {625F420E-A4A9-4B40-BC23-716C1C43893A} - No CLSID value found.O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not foundO2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)O3 - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Jack_xmas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RuneScapeQuickLoader.jar ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7495D5AB-F08A-4DD7-B8B0-86E1FB9CDB14}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE1064D6-CCFE-41A2-9BD6-730336B0D3B7}: DhcpNameServer = 192.168.2.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2012/09/06 20:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Java[2012/09/06 19:57:03 | 000,000,000 | ---D | C] -- C:\Users\Jack_xmas\Desktop\New folder[2012/09/04 16:19:38 | 000,000,000 | ---D | C] -- C:\Users\Jack_xmas\AppData\Roaming\Malwarebytes[2012/09/04 16:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2012/09/04 16:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2012/09/04 16:19:14 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2012/09/04 16:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2012/09/02 15:18:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed[2012/08/26 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815[2012/08/26 20:23:57 | 000,000,000 | ---D | C] -- C:\Users\Jack_xmas\AppData\Local\CRE[2012/08/26 20:22:02 | 000,000,000 | ---D | C] -- C:\Users\Jack_xmas\AppData\Local\CrashDumps[2012/08/26 20:16:35 | 000,000,000 | ---D | C] -- C:\extensions[2012/08/26 20:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps[2012/08/26 20:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox========== Files - Modified Within 30 Days ==========[2012/09/07 16:30:18 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2012/09/07 16:24:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/09/07 16:24:21 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2012/09/07 16:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2012/09/06 20:11:34 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2012/09/06 20:11:34 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2012/09/06 20:09:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2012/09/06 20:09:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2012/09/06 20:09:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2012/09/06 20:03:42 | 1292,034,048 | -HS- | M] () -- C:\hiberfil.sys[2012/09/06 19:42:53 | 000,002,699 | ---- | M] () -- C:\Users\Jack_xmas\Desktop\Deutsch.lng[2012/09/04 17:12:12 | 000,000,512 | ---- | M] () -- C:\Users\Jack_xmas\Desktop\MBR.dat[2012/09/04 16:25:13 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2012/09/04 16:19:20 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/09/02 22:01:59 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2012/08/26 20:24:21 | 000,000,009 | ---- | M] () -- C:\END========== Files Created - No Company Name ==========[2012/09/04 17:12:12 | 000,000,512 | ---- | C] () -- C:\Users\Jack_xmas\Desktop\MBR.dat[2012/09/04 16:19:20 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2012/09/02 15:19:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2012/08/26 20:24:21 | 000,000,009 | ---- | C] () -- C:\END[2012/07/14 22:37:23 | 000,000,016 | ---- | C] () -- C:\Users\Jack_xmas\.critauthority.dat[2011/09/01 21:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2011/09/01 21:13:59 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat[2011/07/05 13:47:06 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll[2011/06/09 21:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll[2011/05/13 09:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat========== LOP Check ==========[2012/09/06 19:35:13 | 000,000,000 | ---D | M] -- C:\Users\Jack_xmas\AppData\Roaming\godzHell[2011/11/25 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\Jack_xmas\AppData\Roaming\Synaptics[2009/07/14 00:08:49 | 000,009,106 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==========< End of report >OTL Extras logfile created on: 9/7/2012 4:25:32 PM - Run 1OTL by OldTimer - Version 3.2.61.1 Folder = C:\Users\Jack_xmas\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1.60 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 47.48% Memory free3.21 Gb Paging File | 1.99 Gb Available in Paging File | 62.11% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 214.11 Gb Total Space | 179.23 Gb Free Space | 83.71% Space Free | Partition Type: NTFSDrive D: | 14.62 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFSDrive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32Computer Name: JACK_XMAS-HP | User Name: Jack_xmas | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-112536004-2524165583-180252259-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{06D64F51-1E72-4DB9-93ED-2BBE70544A51}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{07E20158-8A99-4C10-B38F-CF63728F0268}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0C24E3C0-42D3-4C3C-BA78-D5FB4C23F609}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{18962F61-0D64-4741-833E-4F804A86B1E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{24083101-D3D2-42B2-A301-9B59B51C003C}" = lport=445 | protocol=6 | dir=in | app=system | "{338D5DF8-2232-4822-AB55-FB6E7A0EF3B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4725F601-E5D5-4C33-AC50-5B6842D0F940}" = lport=139 | protocol=6 | dir=in | app=system | "{509E36C9-76A1-4430-BEDF-D1993E0207F3}" = rport=445 | protocol=6 | dir=out | app=system | "{530C7DAE-9936-4DDD-B314-3CCD2A1263F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{553D5853-CA7A-42D2-9E26-2278F9B9D0C2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D54AD67-E337-4106-83B0-A1DAB330CCA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68FDDEB4-1637-427A-8BB4-479651278B5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79DF37DD-DE03-44C9-9A51-D8E9A5DBA39F}" = rport=10243 | protocol=6 | dir=out | app=system | "{8144E63D-2590-4219-ACDE-B3B1EE632949}" = lport=10243 | protocol=6 | dir=in | app=system | "{963BB8C5-A145-41EF-8DF7-2F81E4218623}" = lport=137 | protocol=17 | dir=in | app=system | "{99DA3130-4150-4162-BDF5-F1E6D4312906}" = rport=137 | protocol=17 | dir=out | app=system | "{9B2673A5-6EB6-4BBA-A7E1-A0C59F6ACC28}" = lport=2869 | protocol=6 | dir=in | app=system | "{B89EC462-A76B-4F14-8F67-0C4FC3286268}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F00998A0-1031-4CF5-A6F5-3D45BF6A94DD}" = lport=138 | protocol=17 | dir=in | app=system | "{F42E5080-37E7-4869-8897-8EE8F808E2B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F81275B2-146B-4271-9505-C46BCC6FA4B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FBE4DBA4-2E8E-4F88-ACB5-0CD25F2D7EA7}" = rport=138 | protocol=17 | dir=out | app=system | "{FDC39D28-7BF2-4B87-B70B-83584EF60CCE}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0DDA6E98-E2A6-495E-9D6F-47AD924C9881}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1254D2B8-E268-468A-90ED-FBCE987957CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1AF26E96-9383-498A-87F6-0FC95A5CBC2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2520B914-6504-47E7-A090-757E8740E293}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{2CB4F8B0-4185-4CE6-8F21-D9DDD2A898F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E77F85C-BF7C-4CC2-A7DF-C46C3B00A85C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{30A5F8E5-D1F4-444E-A1EC-F7D92CC18720}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{4FA59D4B-D7C1-454D-87F7-C1A9A9D73C25}" = protocol=6 | dir=out | app=system | "{53D0F711-5858-49A4-A527-EC688C6F67EE}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{566D7CB2-7B2C-470F-A3E2-07DA5566529A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{59F57ADB-68F1-4A91-A88B-2FD1F0FDBEB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AAE0F52-6F17-4D54-B111-B5A792AC9D52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7059C0E3-C716-4955-8741-4D339D51803D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | "{7889874D-907F-40BE-B6F7-4FDC0145F70D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{83FFD6EF-E09B-480A-8E5A-E8D8E208B6E6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{92589284-1F64-4BE9-BB82-449013434DF5}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | "{95DE6282-2009-4B34-9396-A1FC6B3A1DEA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE4B14CC-6B06-4D58-A858-7668E6459E4D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B80CE463-9DDC-4F40-BFB2-674C3C1E6838}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CB060236-7E7A-42EE-A17E-BEC2625877AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{D2E25034-8BEE-44C8-A27A-C7A47A55A732}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{D8DF0B95-77D9-4824-8D19-353A4BC80CD3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DC68CD4C-0132-4276-BAAE-E5378C47A57E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F23EEA43-E5BC-4B1E-B6E2-1C0B04319080}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F32B18FC-778D-42A9-82D2-0C17C6272C6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F575D9C0-FAD0-4BEF-A182-DC038F5B05B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{20F5EF3B-4D44-45D7-94A4-778038017560}C:\program files (x86)\light-o-rama\lorsequenceeditor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\light-o-rama\lorsequenceeditor.exe | "TCP Query User{9DD448A8-915A-48F7-9CC7-35E5AF33872B}C:\program files (x86)\light-o-rama\lorsequenceeditor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\light-o-rama\lorsequenceeditor.exe | "TCP Query User{AF6183FD-8282-45D3-A13C-9DC424E4A528}C:\program files (x86)\light-o-rama\lormonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\light-o-rama\lormonitor.exe | "TCP Query User{E5AF55CD-80EE-4572-963E-FBFF921F9415}C:\program files (x86)\light-o-rama\lormonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\light-o-rama\lormonitor.exe | "UDP Query User{257B57D4-181D-45EF-B6A1-CC69D43BD8B6}C:\program files (x86)\light-o-rama\lorsequenceeditor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\light-o-rama\lorsequenceeditor.exe | "UDP Query User{3A82BE84-AAA3-48F2-8ED9-6996E3BE27F6}C:\program files (x86)\light-o-rama\lormonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\light-o-rama\lormonitor.exe | "UDP Query User{66DDDEC9-117C-4355-9C4C-4142A729915D}C:\program files (x86)\light-o-rama\lormonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\light-o-rama\lormonitor.exe | "UDP Query User{737923AC-4851-4EF3-B969-DF8A4D996F4C}C:\program files (x86)\light-o-rama\lorsequenceeditor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\light-o-rama\lorsequenceeditor.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{48C46F0E-7B86-AC31-ACFC-2B40F1C90ACE}" = ccc-utility64"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{6153098B-60DB-6A9F-EA0F-B006A96B57D5}" = ATI Catalyst Install Manager"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box"{AADE02D5-DCBF-04C3-CD05-ABA83D28BC4A}" = AMD Fuel"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{DBA2849B-6C95-9FD2-7ACC-BF456F1958AA}" = AMD Media Foundation Decoders"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"SynTPDeinstKey" = Synaptics TouchPad Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore"{15412249-0AFA-D2A1-E7E2-E57AE1A96781}" = CCC Help Swedish"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{19EAB36E-A979-0870-F58F-6F4F34017D29}" = CCC Help Chinese Traditional"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{2070F457-B044-FCEE-B6DA-CB2C12CD76A5}" = CCC Help German"{224CA902-F494-FD2A-4211-771454ED464B}" = CCC Help English"{252FC4D1-4056-7237-6B19-4C66D0CF45A9}" = CCC Help Dutch"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3BE2E4AA-C164-FEB5-6C82-BBBC90C88915}" = CCC Help Hungarian"{44D822AA-DA6D-1915-4B64-60D06AE613CE}" = CCC Help Danish"{4A917E5E-2567-C01E-7F41-AF09DAE523A1}" = AMD VISION Engine Control Center"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup"{5377D0E6-0B77-5C94-A3F8-2A7C0E5791A1}" = CCC Help French"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5FE625A7-E8D6-2E41-4693-F6AC6310C467}" = CCC Help Polish"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation"{6F076041-F337-5F67-75E7-6C1324D43EC6}" = CCC Help Japanese"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{7FA82763-D04B-A656-159B-BD8847176377}" = CCC Help Russian"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{955CB8C1-F5F9-B649-FC65-FD65F9EC0459}" = CCC Help Korean"{97E33108-2206-087B-9399-29F5201AAC98}" = CCC Help Portuguese"{9B3CC933-5EF7-A868-7B74-1A227394566E}" = CCC Help Finnish"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A1ACD45F-0D8E-0566-0EC0-530CDCD7E8F4}" = Catalyst Control Center Graphics Previews Common"{A3D1D38D-9C85-7BEB-5AC8-EC2D90E2882A}" = CCC Help Czech"{A440179F-D169-B9DA-B478-6CE97FDB3D4C}" = CCC Help Greek"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager"{B898ABBB-4723-84B5-04C4-32A15F9DBD48}" = CCC Help Chinese Standard"{B91459FD-63A9-71E3-68F1-82352B0892B3}" = Catalyst Control Center Localization All"{B976E52C-93A3-5CD1-FF67-658877850EDD}" = CCC Help Italian"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch"{BEDC570A-C947-D0C8-3014-A1EAA042779D}" = CCC Help Turkish"{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}" = HP Software Framework"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C2EE0EA6-826F-63EA-8751-E2F3714DBA40}" = CCC Help Thai"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5441D19-417C-8C34-3F31-CCBD563C946E}" = Catalyst Control Center InstallProxy"{E744BFEA-E027-441E-83A2-36202F661E31}" = Light-O-Rama"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1"{EA8CC2F2-BC30-141C-92B6-CC870B4B2977}" = CCC Help Spanish"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3"{F8FBF4C7-5ADA-66B1-6509-09E05C257963}" = CCC Help Norwegian"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Shockwave Player" = Adobe Shockwave Player 11.5"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300"NIS" = Norton Internet Security"WildTangent hp Master Uninstall" = HP Games"WinLiveSuite" = Windows Live Essentials"WTA-01f56657-a518-46da-9f3a-13869c14972c" = Slingo Supreme"WTA-028cb45d-88b7-4a73-8972-bebd772e305d" = Governor of Poker 2 Premium Edition"WTA-15853f67-ff9a-43d4-82ba-1020d0af056d" = Zuma Deluxe"WTA-1bbf1ab4-860c-40d7-97a4-daffc14d1793" = Blackhawk Striker 2"WTA-2a780506-d4a6-4222-b135-b13fbe04a5af" = Vacation Quest - The Hawaiian Islands"WTA-2f1fea9a-1a16-4f47-9cf1-caafccca18f6" = Namco All-Stars: PAC-MAN"WTA-38df255c-c0d6-4d6e-a761-fd76bdb3c8eb" = Jewel Quest: The Sleepless Star - Collector's Edition"WTA-3ea4045b-7a72-42af-9e9c-86545de43de6" = Farm Frenzy"WTA-3f5344f6-9073-4d79-9f91-6249c52089f4" = Mah Jong Medley"WTA-3fbd1b6a-cb28-40a2-bcb3-083a95a731f0" = Plants vs. Zombies - Game of the Year"WTA-4233f013-469f-483b-a117-49e9327ddb66" = Blasterball 3"WTA-543c2727-a0b9-4621-9ec3-f9752f315510" = Poker Superstars III"WTA-56f0f831-0d10-43ac-adb6-8dc06426619d" = Bounce Symphony"WTA-7497ca49-a35f-41db-bb98-3591103c404e" = Chronicles of Albian"WTA-76cb86aa-d32e-465b-9201-60601d184921" = Polar Bowler"WTA-8367bcac-d225-41b5-8475-3f2573051da4" = Polar Golfer"WTA-8898f13a-b6de-4c19-84d4-d1bee1dceacf" = Mystery of Mortlake Mansion"WTA-8bfb1ab2-9994-44c9-a4e6-4fd5a92a5aff" = Penguins!"WTA-9fc0e47b-e236-4584-a199-b32a4a9a9fda" = Cradle of Rome 2"WTA-a307b701-1b38-4efe-b1ce-a986a50f5eb1" = Cake Mania"WTA-acded29b-e906-4839-8ece-fa7b19aaf0ab" = Virtual Villagers 5 - New Believers"WTA-ba152df7-7dc1-4e98-b67f-fc9888b85353" = FATE"WTA-cc128f2b-21e9-4403-9aa8-46b3e4ac752f" = Chuzzle Deluxe"WTA-e50c5ace-1225-4b32-a336-a5887a8876f9" = Agatha Christie - Peril at End House"WTA-f6fc44d2-2ce2-4682-a2cb-02954a585536" = Bejeweled 3========== Last 20 Event Log Errors ==========[ Hewlett-Packard Events ]Error - 8/26/2012 9:29:59 PM | Computer Name = Jack_xmas-HP | Source = HPSF.exe | ID = 4000Description = Error - 9/2/2012 4:55:14 PM | Computer Name = Jack_xmas-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.Detect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.Detect() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM: 1642 Ram Utilization: 70 TargetSite: Void Detect() [ System Events ]Error - 12/4/2011 7:06:33 PM | Computer Name = Jack_xmas-HP | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.Error - 12/6/2011 11:24:20 PM | Computer Name = Jack_xmas-HP | Source = NetBT | ID = 4321Description = The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.10. The computer with the IP address 192.168.2.16 did not allow the name to be claimed by this computer.Error - 12/12/2011 11:11:27 AM | Computer Name = Jack_xmas-HP | Source = DCOM | ID = 10010Description = Error - 1/2/2012 3:23:05 PM | Computer Name = Jack_xmas-HP | Source = DCOM | ID = 10010Description = Error - 7/15/2012 4:19:00 AM | Computer Name = Jack_xmas-HP | Source = DCOM | ID = 10010Description = Error - 7/15/2012 4:27:06 AM | Computer Name = Jack_xmas-HP | Source = Service Control Manager | ID = 7023Description = The Windows Modules Installer service terminated with the following error: %%16405Error - 7/15/2012 3:05:26 PM | Computer Name = Jack_xmas-HP | Source = DCOM | ID = 10010Description = Error - 7/15/2012 7:28:27 PM | Computer Name = Jack_xmas-HP | Source = EventLog | ID = 6008Description = The previous system shutdown at 5:01:05 PM on ?7/?15/?2012 was unexpected.Error - 7/16/2012 12:41:04 PM | Computer Name = Jack_xmas-HP | Source = EventLog | ID = 6008Description = The previous system shutdown at 11:38:37 AM on ?7/?16/?2012 was unexpected.Error - 7/16/2012 12:41:27 PM | Computer Name = Jack_xmas-HP | Source = Service Control Manager | ID = 7023Description = The AMD FUEL Service service terminated with the following error: %%21< End of report >i also have that search.conduit which im sure you know Link to post Share on other sites More sharing options...
Maniac Posted September 7, 2012 ID:594570 Share Posted September 7, 2012 Run OTLUnder the Custom Scans/Fixes box at the bottom, paste in the following:OTLIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\URLSearchHook: - No CLSID value foundIE - HKU\S-1-5-21-112536004-2524165583-180252259-1001\..\SearchScopes\{36F20B29-151A-438B-84B5-9A88BFFC7133}: "URL" = http://www.mysearchresults.com/search?&c=4200&t=11&q={searchTerms}CHR - default_search_provider: Conduit (Enabled)CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149CHR - default_search_provider: suggest_url = http://search.conduit.com/O2 - BHO: (no name) - {625F420E-A4A9-4B40-BC23-716C1C43893A} - No CLSID value found.O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jack_xmas\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found[2012/08/26 20:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815[2012/08/26 20:23:57 | 000,000,000 | ---D | C] -- C:\Users\Jack_xmas\AppData\Local\CRE:filesC:\Users\Jack_xmas\AppData\Roaming\DefaultTabipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]Then click the Run Fix button at the topLet the program run unhindered, reboot the PC when it is donePlease post the OTL fix log in your next reply. Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2012 ID:597864 Share Posted September 16, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts