
click.livesearch hijack, only affecting Chrome and Firefox



I am having a problem removing this click.livesearch malware, or whatever you call it.

I tried several methods to remove this mentioned in various forums but to no avail.

When I google, it keeps redirecting me to other sites via click.livesearch.

This problem only affects me when I am using Google on Chrome and Firefox. I've tried on IE and there was no problem.

I did not get a chance to try on Bing or Yahoo, but judging from other posts, I would have a similar problem.

Several times I thought I had it fixed, but after a few more Google searches the problem returns.

Attached are the latest logs from several pieces of software I've tried:

DDS, Malwarebytes, RogueKiller, and TDSSkiller.

I know ComboFix might be a solution, but I've read several warnings about using it, so I am putting that off until I can get some more expert opinions.

I run a 64-bit Windows 7 operating system with Norton Internet Security as my primary protection.

Thank you for reading and helping.

I await your rescue.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_29

Run by Gary at 22:30:49 on 2012-12-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2143 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.msn.com

uDefault_Page_URL = hxxp://www.msn.com

mStart Page = hxxp://www.msn.com

mDefault_Page_URL = hxxp://www.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [AdobeBridge] <no file>

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{DF8D4ACB-1FC1-40D6-853F-E81F66806F1B} : DHCPNameServer = 192.168.2.1

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://www.msn.com

x64-mDefault_Page_URL = hxxp://www.msn.com

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

x64-SSODL: WebCheck - <orphaned>

Hosts: 0.0.0.0 localhost

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

FF - ExtSQL: 2012-12-01 01:01; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn

FF - ExtSQL: 2012-12-08 20:35; crossriderapp4493@crossrider.com; C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-27 55280]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-12-1 451192]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-12-1 1129120]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-11-30 1384608]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-12-1 167072]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121205.001\IDSviA64.sys [2012-12-6 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-12-1 190072]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-12-1 405624]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-5 235520]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-12-1 138272]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-5-3 5716848]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-4-14 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-10-17 93712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-12-1 138912]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-4-14 1327520]

R3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-5-3 13312]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-6 1432400]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-29 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-12-09 02:53:36 208216 ----a-w- C:\Windows\System32\drivers\02956053.sys

2012-12-09 01:35:22 -------- d-----w- C:\Users\Gary\AppData\Local\Coupon Companion

2012-12-09 01:35:21 -------- d-----w- C:\Program Files (x86)\Coupon Companion

2012-12-09 01:27:12 -------- d-----w- C:\Users\Gary\AppData\Local\NPE

2012-12-08 04:06:06 -------- d-----w- C:\Windows\pss

2012-12-05 05:47:43 -------- d-----w- C:\TDSSKiller_Quarantine

2012-12-05 05:19:52 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes

2012-12-05 05:19:39 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-05 05:19:39 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-05 05:19:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-04 02:31:20 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FB70.tmp

2012-12-04 02:31:20 7168 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FB5F.tmp

2012-12-03 05:24:04 -------- d-----w- C:\Users\Gary\AppData\Local\SCE

2012-12-03 05:24:04 -------- d-----w- C:\Crash

2012-12-03 05:24:02 -------- d-----w- C:\Users\Gary\AppData\Local\Sony Online Entertainment

2012-12-01 05:58:44 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys

2012-12-01 05:58:44 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys

2012-12-01 05:58:44 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys

2012-12-01 05:58:44 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys

2012-12-01 05:58:44 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys

2012-12-01 05:58:44 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys

2012-12-01 05:58:44 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys

2012-12-01 05:58:41 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009

2012-12-01 05:55:42 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-12-01 05:55:42 -------- d-----w- C:\Program Files\Symantec

2012-12-01 05:55:42 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2012-12-01 05:54:07 -------- d-----w- C:\Windows\System32\drivers\NISx64

2012-12-01 05:53:57 -------- d-----w- C:\Program Files (x86)\Norton Internet Security

2012-11-16 01:53:10 -------- d-----w- C:\Users\Gary\AppData\Local\Google

2012-11-16 01:52:50 -------- d-----w- C:\Users\Gary\AppData\Local\Apps

2012-11-16 01:52:49 -------- d-----w- C:\Users\Gary\AppData\Local\Deployment

2012-11-14 20:32:28 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 20:32:27 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2012-11-14 20:32:27 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-11-14 20:32:27 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-11-14 20:06:24 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2012-11-14 20:06:24 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2012-11-14 20:06:22 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2012-11-14 20:06:22 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2012-11-14 20:06:20 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2012-11-14 20:06:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2012-11-14 20:06:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2012-11-13 02:15:19 -------- d-----w- C:\Program Files (x86)\Atari

2012-11-13 02:11:50 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-11-13 02:11:50 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-11-13 02:11:50 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-11-13 02:11:50 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-11-13 02:11:50 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-11-13 02:11:49 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-11-13 02:11:49 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-11-10 01:47:14 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-11-10 01:46:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-11-10 01:46:30 -------- d-----w- C:\Program Files\iTunes

2012-11-10 01:46:30 -------- d-----w- C:\Program Files\iPod

2012-11-10 01:46:30 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-09 03:03:52 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 03:03:52 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 22:31:50.89 ===============

dds-attach.txt

mbam-log-2012-12-08 (23-00-42).txt

Rkill.txt

RKreport10_S_12082012_02d2304.txt

TDSSkiller-report-12-9-2012.txt

Edited by Maurice Naggar

Hello Pillarofautumn and welcome to MalwareBytes forums.

Please only follow my guidance; do NOT run any more tools on your own. Also, while I am helping you, do not make any additions or changes to your system without first checking with me.

Secondly, do NOT use the "attach" feature to post your logs. ALWAYS copy and paste the contents directly into the main body of your reply.

Use as many separate replies as needed; if a log is too big, split it.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings, but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

We Need to Run a Batch Script

  1. Press the Windows key on your keyboard.
  2. In the Start menu search box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    :: Remove the Crossrider extension folder from the Firefox profile (del clears its files, rmdir removes the folder itself)
    del /f /q "C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com"
    rmdir /s /q "C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com"
    del /f /q "%~f0"


  4. Select File -> Save As.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Step 4

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista or Windows 7, right click the icon and choose Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

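The helper's fix above came from reading the DDS log by eye: a Firefox extension (FF - ExtSQL) installed on the day the redirects started, a BHO whose folder appears in the "Created Last 30" section, and BHO/Run entries that point at no file at all. As an added example that is not part of this thread and is not code from the helper or from DDS, OTL or any other tool named here, the following Python script applies those same three checks to DDS-format lines. The sample input is constructed from lines copied out of the DDS log posted above; the function names, the `recent_days` threshold and the finding categories are my own choices.

```python
import re
from datetime import datetime

# Constructed sample input: lines copied from the DDS log posted earlier in this
# thread, keeping only the line types this script parses.
SAMPLE_DDS_LOG = r"""
Run by Gary at 22:30:49 on 2012-12-08
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
FF - ExtSQL: 2012-12-01 01:01; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF - ExtSQL: 2012-12-08 20:35; crossriderapp4493@crossrider.com; C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com
2012-12-09 01:35:21 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2012-12-05 05:19:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
"""

# Line shapes as they appear in the DDS "Pseudo HJT Report", "FIREFOX" and
# "Created Last 30" sections of the log above.
RUN_DATE_RE = re.compile(r"^Run by .+? at \d{2}:\d{2}:\d{2} on (\d{4}-\d{2}-\d{2})$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$")
RUNKEY_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
EXTSQL_RE = re.compile(r"^FF - ExtSQL: (?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}; (?P<id>[^;]+); (?P<path>.*)$")
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} \S+ [-a-zA-Z]{8} (?P<path>.+)$")


def parse_run_date(log_text):
    """Date the log was taken, from the 'Run by ... on YYYY-MM-DD' header line."""
    for line in log_text.splitlines():
        m = RUN_DATE_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d").date()
    return None


def triage(log_text, recent_days=3):
    """Return sorted (category, identifier, detail) tuples.

    'dangling': a BHO/toolbar/Run entry whose file is gone (<orphaned>, empty, <no file>).
    'recent':   a Firefox extension or BHO folder created within recent_days of the log date.
    """
    run_date = parse_run_date(log_text)

    # Folder/file creation dates from the 'Created Last 30' section, keyed by lower-cased path.
    created = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = datetime.strptime(m.group("date"), "%Y-%m-%d").date()

    def is_recent(when):
        # Created timestamps are in UTC while the run time is local, so compare by absolute distance.
        return run_date is not None and abs((run_date - when).days) <= recent_days

    findings = []
    for line in log_text.splitlines():
        m = BHO_RE.match(line)
        if m:
            path = m.group("path").strip()
            label = m.group("name") or m.group("clsid")
            if path in ("", "<orphaned>"):
                findings.append(("dangling", label, "%s entry has no file on disk" % m.group("kind")))
                continue
            for folder, when in created.items():
                if path.lower().startswith(folder + "\\") and is_recent(when):
                    findings.append(("recent", label, "loaded from folder created %s" % when))
            continue
        m = RUNKEY_RE.match(line)
        if m and m.group("target").strip() == "<no file>":
            findings.append(("dangling", m.group("name"), "Run key points to a missing file"))
            continue
        m = EXTSQL_RE.match(line)
        if m:
            when = datetime.strptime(m.group("date"), "%Y-%m-%d").date()
            if is_recent(when):
                findings.append(("recent", m.group("id"), "Firefox extension installed %s" % when))
    return sorted(findings)


if __name__ == "__main__":
    for category, ident, detail in triage(SAMPLE_DDS_LOG):
        print("%-8s %-45s %s" % (category, ident, detail))
```

On the sample input the script flags the crossriderapp4493@crossrider.com extension and the Coupon Companion BHO as recent, and the orphaned BHO, the Bing Bar Helper and the AdobeBridge Run entry as dangling; the Norton Firefox plugin, installed a week earlier, stays below the three-day threshold. A flag is a prompt to look, not a verdict: the helper still chose which entry to remove, and a triage like this only makes that reading repeatable across logs.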

Here they are

The contents of OTL.txt

OTL logfile created on: 12/11/2012 4:20:51 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.14% Memory free

8.00 Gb Paging File | 6.46 Gb Available in Paging File | 80.79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 506.46 Gb Free Space | 54.38% Space Free | Partition Type: NTFS

Drive E: | 7.40 Gb Total Space | 4.97 Gb Free Space | 67.13% Space Free | Partition Type: FAT32

Computer Name: ZETA-GAMEPC-M3 | User Name: Gary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/11 16:08:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe

PRC - [2012/08/10 17:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe

PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2009/06/02 16:05:37 | 000,356,352 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/06 13:21:47 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2011/12/05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/12/05 22:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/11/15 10:08:10 | 005,716,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)

SRV:64bit: - [2009/08/10 15:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV:64bit: - [2009/08/10 15:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/12/05 01:09:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/05 00:29:30 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/10/08 22:03:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/01 00:55:42 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/05 22:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/12/05 21:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/10/17 12:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)

DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/11 00:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)

DRV:64bit: - [2010/11/11 00:11:50 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)

DRV:64bit: - [2010/11/11 00:11:50 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/11/02 15:07:54 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/10/25 09:59:32 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/10/25 09:59:28 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/05/15 06:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2010/03/04 05:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/12/08 21:09:32 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121208.007\ex64.sys -- (NAVEX15)

DRV - [2012/12/08 21:09:32 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121208.007\eng64.sys -- (NAVENG)

DRV - [2012/12/01 19:20:42 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/12/01 14:23:46 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/11/30 16:26:08 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121205.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/11/30 00:48:34 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/12 18:27:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/12/04 23:34:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/12/11 16:09:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 01:09:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/27 15:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions

[2012/12/08 20:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\997i16yx.default-1354845891733\extensions

[2012/12/08 20:35:22 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\997i16yx.default-1354845891733\extensions\crossriderapp4493@crossrider.com

[2012/12/08 20:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\997i16yx.default-1354845891733\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode

[2012/12/08 22:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions

[2012/11/22 12:15:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/12/11 16:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com

[2012/12/08 22:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode

[1633/02/03 05:09:14 | 000,004,839 | ---- | M] () (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\extensions\uuzlsscacl@uuzlsscacl.org.xpi

[2012/10/26 17:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/12/04 21:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions

[2012/12/04 21:58:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012/12/05 01:09:03 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/08/30 14:55:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/19 15:21:36 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Norton Identity Protection = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

CHR - Extension: Coupon Companion = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider

CHR - Extension: Coupon Companion = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\

CHR - Extension: Gmail = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/10/12 22:10:55 | 000,002,002 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 0.0.0.0 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (Coupon Companion) - {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll (215 Apps)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gary\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF8D4ACB-1FC1-40D6-853F-E81F66806F1B}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/10/06 13:04:54 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{10e8580f-2765-11e1-8417-f46d04980676}\Shell - "" = AutoRun

O33 - MountPoints2\{10e8580f-2765-11e1-8417-f46d04980676}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{5adf07b1-e7bb-11e1-85b9-f46d04980676}\Shell - "" = AutoRun

O33 - MountPoints2\{5adf07b1-e7bb-11e1-85b9-f46d04980676}\Shell\AutoRun\command - "" = E:\TLBootstrap_WPP.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/11 16:20:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe

[2012/12/11 16:13:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Registry back ups

[2012/12/11 16:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/12/11 16:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/12/08 23:11:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Misc

[2012/12/08 21:53:36 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\02956053.sys

[2012/12/08 20:35:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\RK_Quarantine

[2012/12/08 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Coupon Companion

[2012/12/08 20:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Companion

[2012/12/08 20:27:12 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\NPE

[2012/12/07 23:06:06 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/12/07 22:38:00 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\rkill

[2012/12/06 21:04:56 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Old Firefox Data

[2012/12/05 00:47:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/12/05 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes

[2012/12/05 00:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/05 00:19:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/12/05 00:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/05 00:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/04 21:22:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/12/03 22:08:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Skyrim possible mods

[2012/12/03 00:24:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\SCE

[2012/12/03 00:24:04 | 000,000,000 | ---D | C] -- C:\Crash

[2012/12/03 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Sony Online Entertainment

[2012/12/02 19:04:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Lego

[2012/12/02 18:43:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\Anne Hathaway

[2012/12/01 00:58:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys

[2012/12/01 00:58:44 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys

[2012/12/01 00:58:44 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys

[2012/12/01 00:58:44 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys

[2012/12/01 00:58:44 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys

[2012/12/01 00:58:44 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys

[2012/12/01 00:58:44 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys

[2012/12/01 00:58:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309000.009

[2012/12/01 00:55:42 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/12/01 00:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared

[2012/12/01 00:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec

[2012/12/01 00:54:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64

[2012/12/01 00:53:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

[2012/12/01 00:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security

[2012/11/15 20:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/11/15 20:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/11/15 20:53:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Google

[2012/11/15 20:52:50 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Apps

[2012/11/15 20:52:49 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Deployment

[2012/11/14 15:32:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys

[2012/11/14 15:32:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll

[2012/11/14 15:08:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/11/14 15:08:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/11/14 15:08:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/11/14 15:08:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/11/14 15:08:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/11/14 15:08:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/11/14 15:08:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/11/14 15:08:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/11/14 15:08:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/11/14 15:08:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/11/14 15:08:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/11/14 15:08:27 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/11/14 15:08:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/11/14 15:08:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/11/14 15:08:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/11/14 15:06:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll

[2012/11/14 15:06:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll

[2012/11/14 15:06:19 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll

[2012/11/14 15:06:19 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe

[2012/11/14 14:12:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll

[2012/11/14 14:12:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll

[2012/11/14 14:12:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll

[2012/11/14 14:12:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll

[2012/11/14 14:12:47 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll

[2012/11/14 14:12:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll

[2012/11/14 14:12:46 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll

[2012/11/14 14:12:46 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll

[2012/11/14 14:12:46 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

[2012/11/14 14:12:28 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll

[2012/11/14 14:12:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll

[2012/11/12 21:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari

[2012/11/12 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/11 16:16:06 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/12/11 16:16:06 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/12/11 16:13:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/12/11 16:13:11 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/12/11 16:13:11 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/12/11 16:08:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/11 16:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/12/11 16:08:42 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys

[2012/12/11 16:08:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe

[2012/12/09 00:03:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/12/08 23:58:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/08 21:53:36 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\02956053.sys

[2012/12/08 20:35:26 | 000,753,152 | ---- | M] () -- C:\Users\Gary\Desktop\RogueKiller.exe

[2012/12/05 21:24:06 | 000,000,132 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2012/12/05 00:19:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/01 01:01:38 | 000,002,492 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/12/01 01:01:17 | 001,554,879 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB

[2012/12/01 00:58:54 | 000,013,946 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016

[2012/12/01 00:55:42 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/12/01 00:55:42 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/12/01 00:55:42 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/11/14 19:24:34 | 004,831,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/11/12 21:22:04 | 000,002,169 | ---- | M] () -- C:\Users\Public\Desktop\Act of War - Direct Action.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/08 20:52:57 | 000,753,152 | ---- | C] () -- C:\Users\Gary\Desktop\RogueKiller.exe

[2012/12/05 00:19:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/12/01 01:01:05 | 001,554,879 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB

[2012/12/01 00:59:38 | 000,013,946 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\VT20121114.016

[2012/12/01 00:58:44 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.cat

[2012/12/01 00:58:44 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet64.cat

[2012/12/01 00:58:44 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.cat

[2012/12/01 00:58:44 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.cat

[2012/12/01 00:58:44 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.cat

[2012/12/01 00:58:44 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa.inf

[2012/12/01 00:58:44 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds.inf

[2012/12/01 00:58:44 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnet.inf

[2012/12/01 00:58:44 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.inf

[2012/12/01 00:58:44 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.inf

[2012/12/01 00:58:44 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.inf

[2012/12/01 00:58:44 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\iron.inf

[2012/12/01 00:58:41 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.cat

[2012/12/01 00:58:41 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.cat

[2012/12/01 00:58:41 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini

[2012/12/01 00:55:42 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/12/01 00:55:42 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/12/01 00:55:36 | 000,002,492 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/11/15 20:53:20 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/11/15 20:53:19 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/11/14 15:32:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/11/14 15:06:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/11/12 21:22:04 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\Act of War - Direct Action.lnk

[2012/11/01 21:47:37 | 000,001,531 | ---- | C] () -- C:\Users\Gary\.recently-used.xbel

[2012/10/11 10:33:41 | 000,097,653 | ---- | C] () -- C:\ProgramData\hybfuvczporcqso

[2012/09/15 19:13:34 | 000,001,456 | ---- | C] () -- C:\Users\Gary\AppData\Local\Adobe Save for Web 12.0 Prefs

[2012/01/17 14:00:35 | 000,003,584 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/18 17:31:28 | 000,000,144 | ---- | C] () -- C:\Windows\Sierra.ini

[2011/12/12 21:54:31 | 000,000,132 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

[2011/11/09 21:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2011/11/09 21:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/08/17 16:59:02 | 000,001,940 | ---- | C] () -- C:\Users\Gary\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/04/14 11:29:01 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2011/04/14 11:26:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/04/14 11:06:36 | 000,031,180 | ---- | C] () -- C:\Windows\Ascd_log.ini

[2011/04/14 11:06:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/04/14 11:05:57 | 000,023,465 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/28 18:34:23 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.minecraft

[2012/10/09 09:18:48 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Autodesk

[2012/08/11 17:05:51 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Bizarre Creations

[2011/10/16 15:30:27 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/18 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\FaceGen

[2012/11/01 21:47:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\gtk-2.0

[2011/10/17 06:21:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\PACE Anti-Piracy

[2012/04/09 16:15:09 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Processing

[2011/10/16 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/08/21 15:27:20 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Stardock

[2011/08/20 15:15:46 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Tific

[2012/09/14 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\uTorrent

[2011/11/30 19:06:35 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\wargaming.net

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 968 bytes -> C:\Users\Gary\AppData\Local\EOG4Z7iY9BcH:dQvqtVHtA1syJFPsthEF

< End of report >

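Added example, not part of the original post and not a tool from OldTimer/OTL: a small Python triage script that parses the two line shapes OTL emits in the "Files Created/Modified" and "Alternate Data Streams" sections above and ranks entries by a few indicators an analyst would check first (random-looking names, binaries with no company name under C:\Windows or C:\ProgramData, alternate data streams other than the mark-of-the-web stream). The scoring rules, the `looks_random` thresholds and the choice of system directories are my assumptions, not anything OTL defines; the sample lines are copied from the log above.

```python
"""Triage helper for OTL 'Files Created/Modified' and 'Alternate Data Streams' lines.

Added example (not part of the original post, not OTL's own code).  The scoring
heuristics below are assumptions of this script, not semantics defined by OTL.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# OTL file entry:  [date time | size | attrs | C-or-M] (Company) -- path
# Directory entries carry no "(Company)" group, so it is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL ADS entry:  @Alternate Data Stream - N bytes -> host:stream
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+?):(?P<stream>[^:\\]+)$"
)

SYSTEM_DIRS = ("c:\\windows\\", "c:\\programdata\\")  # assumption: where an unsigned binary matters most
BINARY_EXTS = {"exe", "dll", "sys"}


@dataclass
class Finding:
    path: str
    score: int
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 12+ alphanumerics with no separators that either mix
    case and digits (EOG4Z7iY9BcH) or are all-lowercase letters with few vowels
    (hybfuvczporcqso).  The no-separator rule keeps GUID-style names out."""
    if len(name) < 12 or not name.isalnum():
        return False
    has_digit = any(c.isdigit() for c in name)
    mixed_case = any(c.islower() for c in name) and any(c.isupper() for c in name)
    if has_digit and mixed_case:
        return True
    if name.isalpha() and name.islower():
        return sum(c in "aeiou" for c in name) / len(name) < 0.3
    return False


def score_file(attrs: str, company: str, path: str) -> Finding:
    reasons = []
    name = path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:                      # no extension at all
        stem, ext = name, ""
    if looks_random(stem):
        reasons.append("random-looking file name")
    is_dir = "D" in attrs
    if (not is_dir and not company.strip()
            and path.lower().startswith(SYSTEM_DIRS)
            and (ext.lower() in BINARY_EXTS or ext == "")):
        reasons.append("no company name for a binary in a system directory")
    return Finding(path, len(reasons), reasons)


def score_ads(host: str, stream: str) -> Finding:
    reasons = []
    if stream != "Zone.Identifier":  # the mark-of-the-web stream Windows writes routinely
        reasons.append("non-standard alternate data stream")
    if looks_random(host.rsplit("\\", 1)[-1]) or looks_random(stream):
        reasons.append("random-looking host file or stream name")
    return Finding(f"{host}:{stream}", len(reasons), reasons)


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a file or ADS line; None for section headers and other text."""
    m = FILE_RE.match(line.strip())
    if m:
        return score_file(m["attrs"], m["company"] or "", m["path"])
    m = ADS_RE.match(line.strip())
    if m:
        return score_ads(m["host"], m["stream"])
    return None


def triage(lines) -> List[Finding]:
    """Parse every line, keep entries with at least one reason, highest score first."""
    findings = [f for f in map(parse_line, lines) if f and f.score > 0]
    return sorted(findings, key=lambda f: -f.score)


# Sample input copied from the OTL log above (one header line included to show it is skipped).
SAMPLE_LINES = [
    r"========== Alternate Data Streams ==========",
    r"[2012/12/08 20:52:57 | 000,753,152 | ---- | C] () -- C:\Users\Gary\Desktop\RogueKiller.exe",
    r"[2012/12/01 00:58:44 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys",
    r"[2012/10/11 10:33:41 | 000,097,653 | ---- | C] () -- C:\ProgramData\hybfuvczporcqso",
    r"[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll",
    r"[2012/12/11 16:13:11 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI",
    r"[2012/11/12 21:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari",
    r"@Alternate Data Stream - 968 bytes -> C:\Users\Gary\AppData\Local\EOG4Z7iY9BcH:dQvqtVHtA1syJFPsthEF",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"score={f.score}  {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script ranks the alternate data stream on the random-named file under AppData\Local and the extension-less, company-less C:\ProgramData\hybfuvczporcqso above the unsigned OpenVideo.dll; everything else scores zero and is dropped. The score is a reading aid for the log, not a verdict: a hit only tells you which entries to hash, check for a valid signature, and ask about first.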

The contents of Extras.txt

OTL Extras logfile created on: 12/11/2012 4:20:51 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 66.14% Memory free

8.00 Gb Paging File | 6.46 Gb Available in Paging File | 80.79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 506.46 Gb Free Space | 54.38% Space Free | Partition Type: NTFS

Drive E: | 7.40 Gb Total Space | 4.97 Gb Free Space | 67.13% Space Free | Partition Type: FAT32

Computer Name: ZETA-GAMEPC-M3 | User Name: Gary | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01A3DA61-5764-424F-9617-034AB2317D7B}" = lport=137 | protocol=17 | dir=in | app=system |

"{078CE80D-C9E7-4238-B210-98FDEC776AA3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1DA826F6-A82B-49DD-994F-D68C4DC5F23E}" = lport=445 | protocol=6 | dir=in | app=system |

"{20DE8F9D-BC0B-4686-BA44-237C1A6C57DD}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

"{210606FC-D9D8-430D-B7E2-46419119D727}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{275E690B-C6E4-484A-9EAB-114FB405F5FC}" = lport=138 | protocol=17 | dir=in | app=system |

"{3BD2BA74-AA1B-4516-8C3D-8C2154D28F7F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4EFEC4B1-2175-43CF-A467-6D6C4D630D01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5565D101-55E8-40D1-8F41-E2C1AEAAC5E4}" = lport=10243 | protocol=6 | dir=in | app=system |

"{60A4C403-B3B6-4459-BFCE-32D694B7BCC6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{641B7A3A-52A6-4CA7-BB62-7158CAB3546E}" = rport=138 | protocol=17 | dir=out | app=system |

"{665CF4EA-4C7E-40C0-8050-068E52E94E4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{77C8424D-A1F1-4C79-B18E-9B82E31458D8}" = rport=137 | protocol=17 | dir=out | app=system |

"{96EC93D2-01AB-4C74-8165-D0A71FFBE936}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A1B881CA-115D-4A86-AC05-0FC5B60BC4C4}" = lport=139 | protocol=6 | dir=in | app=system |

"{A8B014D5-617D-418E-A679-8D9920580DDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C01F4D88-FD43-4BA9-B562-A5F5CFB3A329}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C82D830F-6889-483E-9BB8-57F2C59F17AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D37D9516-925B-46B8-9F3F-42D5099DC1B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D7B1846C-88A0-4041-A589-0E5045B8D4B4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DDFA87A9-7EC9-486E-92B5-E554D27841E5}" = rport=445 | protocol=6 | dir=out | app=system |

"{E37D42C5-834A-4D62-89AC-123F9199D7EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{E96E0CB0-AAB2-438A-9682-A1D7DD27B043}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F6BFE728-CB3E-4E4E-8252-877259561A00}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04370971-72F6-42B2-86EE-3E6CF899131C}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\james bond 007™ - blood stone\bond.exe |

"{04B07B0A-CDD2-4C87-AEEE-BEEA34FB1B2B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{05715DBC-8D3B-4ADC-B8FC-23FF98456BC3}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{0F90851C-20BB-4945-A7A5-8670FE450F67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |

"{152A9BD0-E0AA-47FB-850A-9789341F0E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{169DE914-0BBB-4032-8830-52E6FE8FB58A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{17CB68DD-0D10-4C3C-8B98-A2700887CC61}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1B24EC7A-831E-4F41-8CE6-52A133708CB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |

"{1E0ED492-71CF-4F53-B5B7-92AA0015C64D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{2337251A-77B0-4AAC-836D-DF61668521BC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |

"{2494FFF6-26C4-4F55-8062-33D14F594F9C}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{25E52950-681E-4672-B23A-C93BA6800971}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{2662A894-B586-40DB-A9C4-B0FBB84C4A3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2911784A-6197-46F7-B130-9603FA9B2233}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |

"{2A2393D5-9070-4937-9DC3-57CF51C4845F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\bin\sdklauncher.exe |

"{2A73F9C4-21CA-4A73-A239-64F6B0E9403C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{2B3B2197-7DE7-4686-BB0F-247D5B1D9060}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{300D9799-03CB-489B-926F-60314ED04774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{30705E7D-6160-46E1-B690-B233A13ADB37}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |

"{30B25F47-EA30-4BC6-81F1-5CEAF32D749A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{3495826C-8458-47C9-93F0-8FEAF50CB680}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{358AFB1E-5AF8-4B3C-A467-390B0016DA65}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |

"{380189D3-C7BB-4C9C-AAC9-8DE7FA01525C}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{3C6BC38F-2F62-47AA-AE7E-38DFC74B4EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\sins of a solar empire\sins of a solar empire.exe |

"{3F5A042F-8199-4F6D-82F9-AC527D5CB0E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{3F60ED66-0D70-45B8-BE27-26F7246B0C49}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{40869E6B-2319-49F7-9F74-1B18E2647C71}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{412B6FAE-F67B-4C7B-9FF2-639557648D15}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{4C77EB8C-9CD8-4187-BC30-CB3010C4C99C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx.exe |

"{4F4E7B5D-C9DE-49BB-A69A-EE0FC3917A04}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{4F72D917-C647-41FE-971A-70DEB12E4B9D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe |

"{4F7C9C79-86FC-4505-B81B-3AA623FEEDAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4FEB1C20-1562-4C68-96E8-3301A0D9E340}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{582BEFF2-AB8B-4A34-9F47-D0B0CFA6D7CA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{58C4A53B-79CE-4C4E-8C6B-4A0CA8D8377B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |

"{59C6A53B-66D1-4BCD-893D-E594D547B0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |

"{5A10E81E-C2B4-4168-BED2-78F167A22BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"{5E90BFFE-2631-4DEE-AA0B-80CD83BF5101}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |

"{5F337248-EF4B-48EC-BEA1-884DC6ACD83E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |

"{63E567D4-FC6F-475E-ADA2-CFD829961C17}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |

"{64188FC3-6E26-4968-9944-D31AB713D18A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{6447EA29-9E28-48F2-BBB7-8ACA3247D4A4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{6ABC90CB-B818-4928-9281-89030FA7D2D8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{702D8959-1637-4658-91D4-F73E7C44B0A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{767BA73E-271E-4D4A-A45B-5F0D2AA8FEDD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7940CA5B-F074-4B2E-98B3-A89FC3D0B1FE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{7A0C068A-E6FB-46D4-846C-39AB2B9D4428}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |

"{806F3C11-6F75-447F-9EA4-9859453637B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{820FA65A-8CB8-486A-B173-4799829045B4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{86BC4AF7-D03A-4521-A240-227EF0A906F4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8A7D45DE-345D-44BC-BDDD-1E7FCB9860DA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |

"{8B0EB5E8-8D0B-4F8D-A33A-983CC62C21AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8DFCF164-492F-4CCF-9BDD-2247BC970826}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{8ED10E70-A1C0-4C94-A1DA-30FFFBF19210}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{8F6E01B2-6307-464A-9892-2C860F57D637}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{9254635D-1D4D-44B5-837A-9480A963FB66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{93F2D675-5F31-4A99-9CAF-BF425FA3B649}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |

"{9468387F-C745-438F-84CD-86B86FA2B14D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |

"{973584F2-9C53-4004-A709-4A3429F88368}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |

"{99947340-4BC9-4379-A817-D12AD006B630}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe |

"{9EADA36A-E0C3-4787-A8DD-80D149CF75B0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe |

"{A1B58734-5220-41EF-BAFC-4FF0A1DBB923}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{A22981BB-223E-4D81-9E04-8A7AEAC8FD5C}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{A49CDA92-B515-4A50-BD4B-E3CD04819210}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{AA16BF1D-EE61-4533-A6A8-858F24B7D6D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B0B8C476-F02D-425A-9C73-21DEEC25855D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\noric_omist\garrysmod\hl2.exe |

"{B37D2872-1134-4B56-BA3C-3B5A5084C912}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |

"{B4E2E35D-ABFF-4D90-81F3-52BAE5F5CC1A}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"{B7CCE3F7-79EF-4099-AE02-C4A102D2FEB9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{B89D0E59-C524-466A-AC18-DACF42AA7E8F}" = protocol=6 | dir=out | app=system |

"{BB9DECD8-F1B2-4A37-A872-A0A488673BE0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{BC7BC810-84BC-4D48-9990-F02472BA410B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\noric_omist\garrysmod\hl2.exe |

"{C05197A5-1C89-4BF9-812F-20F3A6F89AEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{C385D6A8-E748-4797-90D7-484F5848985B}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{C5485D84-B2DA-423B-AD35-C72666D4BFC8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{C75AF1D6-A6E9-40EC-A4A7-F2328BC087EB}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's h.a.w.x\hawx_dx10.exe |

"{CB8EB378-BF0F-443F-81EA-AEC19A760045}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{D2054453-767D-4504-9F24-9DBAB359424D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{D36C76C0-686C-45F1-9D52-D4FD93B00258}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |

"{D377A580-47B4-43E9-A897-0FEAFF160B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{D3DE5539-8F56-436C-A012-9FFCD5E56BF8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead island\deadislandgame.exe |

"{D987E01C-8B6C-4F88-AED9-0727B2A72573}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |

"{DB409C55-9F87-40AD-9F89-0E66BBE92147}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{DD8911D2-1E18-4866-A39D-17D4BD690D99}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |

"{DE135EBE-759E-4EE0-93ED-EC9845C00B93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E2AB4CA9-CF52-4157-983C-ADB2B75F50A6}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\james bond 007™ - blood stone\bond.exe |

"{E3580B71-FB35-4D26-937F-EE6D0ACCEDB6}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{EC23FC37-B8F4-4EB9-A96D-EB4DC1928DBA}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |

"{ECDF2A53-CB26-4C5A-8B14-862956CD5657}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |

"{EDB95E01-4B08-4A18-99C7-41A8BE259B06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F2402516-8C76-4013-81EE-A16C66983D05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F5423735-9516-4359-82A1-1974EEBB54B0}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |

"{F62E960F-4A05-47A0-A8FA-22C2804E9B36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |

"{F69EA83F-B7FC-4DBF-AC72-250D5053E926}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe |

"{FBC25C39-D4C8-47F1-A856-CBE9C053B42A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{1EC1F2F0-64CE-4854-9279-929C39371178}C:\users\gary\downloads\star trek downloader st.17.20111218a.12.exe" = protocol=6 | dir=in | app=c:\users\gary\downloads\star trek downloader st.17.20111218a.12.exe |

"TCP Query User{2A032125-858A-48A5-8618-957ED2B7E564}C:\program files\cryptic studios\star trek online\playtest\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\cryptic studios\star trek online\playtest\gameclient.exe |

"TCP Query User{3D2D4E19-2BF1-4424-8A03-C0E940DFA38A}C:\users\gary\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\gary\appdata\local\akamai\netsession_win.exe |

"TCP Query User{565CCB25-692D-48F8-83B3-37213EB515C1}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"TCP Query User{899FA8C7-B8B9-460D-8DD0-82C2EDC4DFFA}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |

"TCP Query User{8A0D10D6-88D6-43CA-B2EB-4ADB8E090671}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |

"TCP Query User{93A39A3E-013D-42AB-807F-F5BDC09A871F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"TCP Query User{97F8BAC2-5690-47D0-95A6-48A1CA5D942E}C:\program files (x86)\steam\steamapps\noric_omist\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\noric_omist\team fortress 2\hl2.exe |

"TCP Query User{BF361835-281E-475B-B1E4-514BED57A4E5}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

"TCP Query User{C6456EE9-0107-4788-9DB9-C06DCB729C21}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"TCP Query User{CC3520DC-D4AF-4B78-8ECB-78E6F9D8CCB8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

"TCP Query User{D5106C28-F0E0-4F37-970E-D8DDAF1D790A}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

"TCP Query User{D713215E-A90E-4DFB-A126-B7130491C0AE}C:\program files\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\cryptic studios\star trek online\live\gameclient.exe |

"TCP Query User{EAFB613B-39BA-454A-894F-B054E058FA9E}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

"UDP Query User{0D51A170-8DAF-4B28-8D46-5F933A221BD2}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

"UDP Query User{10182CB3-F074-497B-A53F-D00F6ADFEBCD}C:\users\gary\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\gary\appdata\local\akamai\netsession_win.exe |

"UDP Query User{4279D293-2ADB-47EF-B1D3-5B350743F222}C:\users\gary\downloads\star trek downloader st.17.20111218a.12.exe" = protocol=17 | dir=in | app=c:\users\gary\downloads\star trek downloader st.17.20111218a.12.exe |

"UDP Query User{669A0097-8C2A-4DAF-980D-73995466D150}C:\program files\autodesk\maya2013\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files\autodesk\maya2013\bin\maya.exe |

"UDP Query User{67476D56-B5D7-4B44-8291-811CABD18DDD}C:\program files\cryptic studios\star trek online\playtest\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\cryptic studios\star trek online\playtest\gameclient.exe |

"UDP Query User{9D797B5D-E15A-44E3-9F8A-CE1700BD3FAD}C:\program files (x86)\steam\steamapps\noric_omist\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\noric_omist\team fortress 2\hl2.exe |

"UDP Query User{A14A99BF-8D46-4432-9D59-6454F1800E6F}C:\program files\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\cryptic studios\star trek online\live\gameclient.exe |

"UDP Query User{D5743680-6F5C-4615-9E5C-307B7ABB9E03}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

"UDP Query User{DC9A613E-85A4-4C15-B8F8-7F41C0B6735F}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |

"UDP Query User{DF0DF6FB-D21F-4AF4-8D9C-753C88B77E1E}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |

"UDP Query User{E55ACCEA-3075-422A-9109-A9BF77BC20CE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

"UDP Query User{F5E92FC6-1274-4B61-BAE0-39A0D5ED40BF}C:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell conviction\src\system\uplaybrowser.exe |

"UDP Query User{F626D971-5151-4338-BFA5-BCA3FDEBFEF1}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |

"UDP Query User{F7898087-8BD5-439D-BCAA-FD98C0B1DF96}C:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18092\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java™ 6 Update 29 (64-bit)

"{2F808931-D235-4FC7-90CD-F8A890C97B2F}" = Composite 2013 64-bit

"{324297F8-2898-454B-9AC4-07050AEB35B3}" = Autodesk DirectConnect 2013 64-bit

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5B77A046-DAD6-4F19-A8B9-4E5B3EAD2C24}" = Autodesk MatchMover 2013 64-bit

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FC7084CE-5090-4770-8B5B-CA3125526F0D}" = Autodesk Maya 2013 64-bit

"Autodesk DirectConnect 2013 64-bit" = Autodesk DirectConnect 2013 64-bit

"Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit" = Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit

"Autodesk Maya 2013 64-bit" = Autodesk Maya 2013 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"Wacom Tablet Driver" = Wacom Tablet

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian

"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English

"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29

"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection

"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish

"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2013.0.0

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum

"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV

"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction

"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X

"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German

"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Emperor: Rise of the Middle Kingdom 1.0.1.0

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian

"{86BDD105-114A-4B20-BF8B-E46C7159A641}" = FaceGen Modeller 3.5 Free

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007™ - Blood Stone

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{941F9BA8-06F6-42FD-AB91-CFB99B5E13BF}" = Fallout

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy

"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean

"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CCA78313-443C-4674-81B8-88919D137258}" = Autodesk Download Manager

"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11

"Coupon Companion" = Coupon Companion

"ERUNT_is1" = ERUNT 1.1j

"Fallout Tactics" = Fallout Tactics

"Fallout2" = Fallout2

"GamersFirst LIVE!" = GamersFirst LIVE!

"GamersFirst Sword 2" = Sword 2

"Google Chrome" = Google Chrome

"Impulse" = Impulse

"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007™ - Blood Stone

"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"Sins of a Solar Empire" = Sins of a Solar Empire

"Star Trek Online" = Star Trek Online

"StarCraft II" = StarCraft II

"Steam App 105600" = Terraria

"Steam App 203810" = Dear Esther

"Steam App 20540" = Company of Heroes: Tales of Valor

"Steam App 218" = Source SDK Base 2007

"Steam App 218230" = PlanetSide 2

"Steam App 220" = Half-Life 2

"Steam App 28050" = Deus Ex: Human Revolution

"Steam App 320" = Half-Life 2: Deathmatch

"Steam App 340" = Half-Life 2: Lost Coast

"Steam App 380" = Half-Life 2: Episode One

"Steam App 400" = Portal

"Steam App 4000" = Garry's Mod

"Steam App 420" = Half-Life 2: Episode Two

"Steam App 440" = Team Fortress 2

"Steam App 4560" = Company of Heroes

"Steam App 500" = Left 4 Dead

"Steam App 520" = Team Fortress 2 Beta

"Steam App 550" = Left 4 Dead 2

"Steam App 620" = Portal 2

"Steam App 629" = Portal 2 Authoring Tools - Beta

"Steam App 91310" = Dead Island

"Steam App 9340" = Company of Heroes: Opposing Fronts

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.2

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/17/2012 6:25:56 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/17/2012 11:57:29 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/18/2012 11:59:01 AM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/18/2012 5:45:53 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/18/2012 11:51:30 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/19/2012 11:17:05 AM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/19/2012 10:17:37 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

Error - 8/19/2012 11:36:15 PM | Computer Name = Zeta-GamePC-M3 | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 8/19/2012 11:36:59 PM | Computer Name = Zeta-GamePC-M3 | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 8/20/2012 6:17:18 PM | Computer Name = Zeta-GamePC-M3 | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 12/8/2012 9:37:40 PM | Computer Name = Zeta-GamePC-M3 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/8/2012 9:37:40 PM | Computer Name = Zeta-GamePC-M3 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/8/2012 9:42:40 PM | Computer Name = Zeta-GamePC-M3 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/8/2012 9:42:40 PM | Computer Name = Zeta-GamePC-M3 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/8/2012 9:42:40 PM | Computer Name = Zeta-GamePC-M3 | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 12/10/2012 11:14:57 AM | Computer Name = Zeta-GamePC-M3 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/10/2012 11:14:58 AM | Computer Name = Zeta-GamePC-M3 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/10/2012 11:14:58 AM | Computer Name = Zeta-GamePC-M3 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/10/2012 11:14:59 AM | Computer Name = Zeta-GamePC-M3 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/10/2012 11:14:59 AM | Computer Name = Zeta-GamePC-M3 | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >

Lastly, the contents of checkup.txt

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java™ 6 Update 29

Java version out of Date!

Adobe Flash Player 11.4.402.287 Flash Player out of Date!

Adobe Reader 10.1.1 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 6%

````````````````````End of Log``````````````````````


Your logs showed some peer-to-peer filesharing apps: µTorrent. I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwar...showtopic=97700

Uninstall µTorrent and any other 'torrent and Restart the system, AND confirm that for me.


'torrent apps leave ports open and that exposes your system to possible exploitation and re-infection while we try to clean what you have.

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 2

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller


AdwCleaner

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 23:10:03

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Gary - ZETA-GAMEPC-M3

# Boot Mode : Normal

# Running from : C:\Users\Gary\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default [Profil par défaut]

File : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\mq4w4elc.default\prefs.js

Found : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1355026501);

Found : user_pref("extensions.crossriderapp4493.4493.active", true);

Found : user_pref("extensions.crossriderapp4493.4493.addressbar", "");

Found : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");

Found : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&[...]

Found : user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);

Found : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1355026501");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1355026501");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Sat Dec 08 2012 23:[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Dec 15 2012 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1355026537");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1355026539589");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22116879%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1355026535245");

Found : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

Found : user_pref("extensions.crossriderapp4493.4493.domain", "");

Found : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

Found : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp4493.4493.group", 0);

Found : user_pref("extensions.crossriderapp4493.4493.homepage", "");

Found : user_pref("extensions.crossriderapp4493.4493.iframe", false);

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "41");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Sun Dec 09[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Found : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

Found : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

Found : user_pref("extensions.crossriderapp4493.4493.newtab", "");

Found : user_pref("extensions.crossriderapp4493.4493.opensearch", "");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rul[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");

Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,100[...]

Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 17);

Found : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

Found : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

Found : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

Found : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

Found : user_pref("extensions.crossriderapp4493.4493.thankyou", "");

Found : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

Found : user_pref("extensions.crossriderapp4493.4493.ver", 41);

Found : user_pref("extensions.crossriderapp4493.apps", "4493");

Found : user_pref("extensions.crossriderapp4493.bic", "13b7d886627003bf906677f8cce921b4");

Found : user_pref("extensions.crossriderapp4493.cid", 4493);

Found : user_pref("extensions.crossriderapp4493.firstrun", false);

Found : user_pref("extensions.crossriderapp4493.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp4493.installationdate", 1355026501);

Found : user_pref("extensions.crossriderapp4493.lastcheck", 22583775);

Found : user_pref("extensions.crossriderapp4493.lastcheckitem", 22583776);

Found : user_pref("extensions.crossriderapp4493.modetype", "production");

Found : user_pref("extensions.crossriderapp4493.reportInstall", true);

Found : user_pref("extensions.enabledAddons", "%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12,%7B01A8CA0A[...]

Profile name : default-1354845891733

File : C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\997i16yx.default-1354845891733\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1652 octets] - [08/12/2012 21:34:22]

AdwCleaner[R2].txt - [1274 octets] - [08/12/2012 21:38:32]

AdwCleaner[R3].txt - [9896 octets] - [08/12/2012 21:52:26]

AdwCleaner[R4].txt - [12295 octets] - [08/12/2012 22:19:48]

AdwCleaner[R5].txt - [12356 octets] - [08/12/2012 23:03:27]

AdwCleaner[R6].txt - [12500 octets] - [08/12/2012 23:24:02]

AdwCleaner[R7].txt - [12307 octets] - [11/12/2012 23:10:03]

AdwCleaner[s1].txt - [1730 octets] - [08/12/2012 21:35:24]

AdwCleaner[s4].txt - [12649 octets] - [08/12/2012 23:04:59]

########## EOF - C:\AdwCleaner[R7].txt - [12489 octets] ##########


RKreport

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Gary [Admin rights]

Mode : Scan -- Date : 12/11/2012 23:12:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

0.0.0.0 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA SCSI Disk Device +++++

--- User ---

[MBR] d8e099d3b1c7a66817ff6f30cfe83760

[bSP] bebb89d2228f67450173a6fb2bd62f7a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_12112012_02d2312.txt >>

RKreport[1]_S_12112012_02d2312.txt


Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, how is the system now?
  • Re-enable your security software.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.0.8 (12.12.2012:1)

OS: Windows 7 Home Premium x64

Ran by Gary on Wed 12/12/2012 at 12:13:41.83

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3420909713-3481277924-1338474714-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{21a51130-7285-49fe-b3f6-2385cc71cdea}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gary\appdata\local\coupon companion"

Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"

~~~ FireFox

Successfully deleted: [File] C:\Users\Gary\AppData\Roaming\mozilla\firefox\profiles\mq4w4elc.default\extensions\uuzlsscacl@uuzlsscacl.org.xpi [Tracur]

Successfully deleted: [Folder] C:\Users\Gary\AppData\Roaming\mozilla\firefox\profiles\mq4w4elc.default\extensions\crossriderapp4493@crossrider.com

Successfully deleted: [Folder] C:\Users\Gary\AppData\Roaming\mozilla\firefox\profiles\997i16yx.default-1354845891733\extensions\crossriderapp4493@crossrider.com

Successfully deleted the following from C:\Users\Gary\AppData\Roaming\mozilla\firefox\profiles\mq4w4elc.default\prefs.js

user_pref("extensions.crossrider.bic", "13b7d886627003bf906677f8cce921b4");

user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1355026501);

user_pref("extensions.crossriderapp4493.4493.active", true);

user_pref("extensions.crossriderapp4493.4493.addressbar", "");

user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");

user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW&&appAPI.webRequest&&appAPI.webRequest.onBeforeNavigate?_GPL_BG_NEW.preinit()

user_pref("extensions.crossriderapp4493.4493.backgroundver", 7);

user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1355026501");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1355026501");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Sat Dec 08 2012 23:20:36 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Dec 15 2012 23:15:36 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22US%22");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1355026537");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1355026539589");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22116879%22");

user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1355026535245");

user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

user_pref("extensions.crossriderapp4493.4493.domain", "");

user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

user_pref("extensions.crossriderapp4493.4493.group", 0);

user_pref("extensions.crossriderapp4493.4493.homepage", "");

user_pref("extensions.crossriderapp4493.4493.iframe", false);

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "41");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Sun Dec 09 2012 05:15:14 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");

user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"

user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

user_pref("extensions.crossriderapp4493.4493.newtab", "");

user_pref("extensions.crossriderapp4493.4493.opensearch", "");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appA

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw n

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 7);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},rules:{},started:!1,log:function(d){console.log(d)},factor:1,preinit:function(

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 4);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={}}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=Math.floor(Math.random()*99999);var g=Math.floor(Math.random()*9999999999999

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!=true)&&(typeof _firefoxVersion!==\"undefined\"&&_

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * http://jquery.com/\n *\

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.deb

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=funct

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com | jquery.org/license */\n(function(a,b){function cy(a){return f.isWindow(a)?

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a)}}());var CrossRiderResourcesManager=(fu

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "17,14,16,47,1000015");

user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1000014,28");

user_pref("extensions.crossriderapp4493.4493.pluginsurl", "http://app-static.crossrider.com/plugin/apps/4493/plugins/086/ff/plugins.json");

user_pref("extensions.crossriderapp4493.4493.pluginsversion", 17);

user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

user_pref("extensions.crossriderapp4493.4493.thankyou", "");

user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

user_pref("extensions.crossriderapp4493.4493.ver", 41);

user_pref("extensions.crossriderapp4493.apps", "4493");

user_pref("extensions.crossriderapp4493.bic", "13b7d886627003bf906677f8cce921b4");

user_pref("extensions.crossriderapp4493.cid", 4493);

user_pref("extensions.crossriderapp4493.firstrun", false);

user_pref("extensions.crossriderapp4493.hadappinstalled", true);

user_pref("extensions.crossriderapp4493.installationdate", 1355026501);

user_pref("extensions.crossriderapp4493.lastcheck", 22583775);

user_pref("extensions.crossriderapp4493.lastcheckitem", 22583776);

user_pref("extensions.crossriderapp4493.modetype", "production");

user_pref("extensions.crossriderapp4493.reportInstall", true);

~~~ Chrome

Dumping contents of C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default\aaggdcdbgfgcdbdfdbgbgegcdedgdfde

C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default\aaggdcdbgfgcdbdfdbgbgegcdedgdfde\background.js

C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default\aaggdcdbgfgcdbdfdbgbgegcdedgdfde\ContentScript.js

C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default\aaggdcdbgfgcdbdfdbgbgegcdedgdfde\manifest.json

Successfully deleted: [Folder] C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

Successfully deleted: [Folder] C:\Users\Gary\appdata\local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pbkdpahkifcigckmhiafindmaflfifgm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 12/12/2012 at 12:19:33.44

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


It looked to me that you had a Crossrider infection, which should mostly be gone now. But your system needs follow-up checks, AND updating of 3 utilities.

Please do the following at the next opportunity.

Step 1

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u9-windows-i586.exe to install the newest version.
    ( jre-7u9-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Step 2

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Step 3

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: use Control Panel's Programs and Features to uninstall Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Step 4

Temporarily disable your antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-enable your antivirus.


RogueKiller V8.3.2 [Dec  7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gary [Admin rights]
Mode : Scan -- Date : 12/11/2012 23:12:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

0.0.0.0       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA SCSI Disk Device +++++
--- User ---
[MBR] d8e099d3b1c7a66817ff6f30cfe83760
[bSP] bebb89d2228f67450173a6fb2bd62f7a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12112012_02d2312.txt >>
RKreport[1]_S_12112012_02d2312.txt

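The HOSTS File section of the RogueKiller report above lists every effective line of C:\Windows\system32\drivers\etc\hosts, because the hosts file is one of the places a browser redirect can be planted without touching the browser itself. As an added example that is not part of this thread and not RogueKiller's code, here is a Python audit that parses a hosts file and sorts each entry into one of three classes: a loopback name such as localhost mapped to something other than a loopback address, a third-party hostname pointed at loopback or 0.0.0.0 (blackholed, as the adobe.com lines in the report are), or a hostname pointed at any other address (redirected, which is the pattern to inspect first when a search engine keeps landing somewhere else). The sample is constructed from the report's entries plus a comment line, an IPv6 loopback line and one redirected line using a documentation address, all added here for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample: the HOSTS File entries from the RogueKiller report above,
# plus a comment, an IPv6 loopback line and one constructed "redirected" entry
# (TEST-NET address, example.com hostname) so every branch below is exercised.
SAMPLE_HOSTS = """\
# comment lines are ignored by the resolver and by this parser
0.0.0.0       localhost
::1           localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
203.0.113.5 search.example.com   # constructed: what a real redirect entry looks like
"""

# Names that legitimately belong to the loopback interface.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Return [(ip_address, [hostnames])] for every effective line.

    Comments (from '#' to end of line) and lines that do not start with a
    valid IP address are skipped, mirroring what the resolver ignores.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry
        entries.append((addr, fields[1:]))
    return entries


def audit_hosts(text):
    """Classify each hostname mapping as (kind, address, hostname).

    kind is one of:
      loopback-name-remapped  a loopback name points somewhere other than loopback
      blackholed              a third-party name points at loopback or 0.0.0.0
      redirected              a third-party name points at a real address
    """
    findings = []
    for addr, names in parse_hosts(text):
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in names:
            lname = name.lower().rstrip(".")
            if lname in LOOPBACK_NAMES:
                if not addr.is_loopback:
                    findings.append(("loopback-name-remapped", str(addr), name))
            elif sinkholed:
                findings.append(("blackholed", str(addr), name))
            else:
                findings.append(("redirected", str(addr), name))
    return findings


def count_findings(findings):
    """Count findings per kind, so the redirected class stands out at a glance."""
    return Counter(kind for kind, _, _ in findings)


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for kind, addr, name in results:
        print(f"{kind:24} {addr:16} {name}")
    print(dict(count_findings(results)))
```

On a real machine read the file with `open(r"C:\Windows\system32\drivers\etc\hosts", encoding="utf-8", errors="replace").read()` in place of the sample; blackholed entries are usually deliberate (ad or activation blocking) but still worth confirming with the user, while any redirected entry for a domain the user did not add is the finding to act on.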

Sorry, I posted a report I've already posted before. Here is the Malwarebytes report.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.12.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: ZETA-GAMEPC-M3 [administrator]

12/12/2012 1:44:29 PM
mbam-log-2012-12-12 (13-44-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 674532
Time elapsed: 1 hour(s), 37 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0000\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0002.dta (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


The format of those last reports is odd. Take some extra safety precautions when replying.

Press the More reply options button on the forum screen at bottom of the thread.

Then, in the next reply box, look at the upper far-left corner for the light-switch icon; if it is not in the "down" position, click on it once so that it is down.

Then paste your log.

The last MBAM log result is good.

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press the Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Look at the contents of this file using Notepad.
  • The Frequently Asked Questions for ESET Online Scanner can be viewed here: http://go.eset.com/us/online-scanner/faq
  • It is emphasized to temporarily disable any pc-resident (active) antivirus program prior to any on-line scan by any on-line scanner, and to promptly re-enable it when finished.
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
  • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log and tell me,

How is the system now ?


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-13 01:45:57
# local_time=2012-12-12 08:45:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 95 0 117869742 0 0
# compatibility_mode=5893 16776574 100 94 50663135 106906607 0 0
# scanned=484161
# found=10
# cleaned=10
# scan_time=6237
C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0000.dta	a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined)	BD1D3BF759D78450B2F5ABD9F29B5EF91D684536	C
C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0001.dta	a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined)	4781EFFAD9D0938135EF5BA6626A8E482D3B0440	C
C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0003.dta	Win64/Olmarik.AN trojan (cleaned by deleting - quarantined)	00725FA829B19880824C81D349D3FCF2A1AF8DE9	C
C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0007.dta	Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined)	F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1	C
C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0008.dta	Win64/Olmarik.AK trojan (cleaned by deleting - quarantined)	5F329A1069EB6A8151C2CA3E589DBF1B481B50A2	C
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0000.dta	a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined)	BD1D3BF759D78450B2F5ABD9F29B5EF91D684536	C
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0001.dta	a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined)	4781EFFAD9D0938135EF5BA6626A8E482D3B0440	C
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0003.dta	Win64/Olmarik.AN trojan (cleaned by deleting - quarantined)	00725FA829B19880824C81D349D3FCF2A1AF8DE9	C
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0007.dta	Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined)	F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1	C
C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0008.dta	Win64/Olmarik.AK trojan (cleaned by deleting - quarantined)	5F329A1069EB6A8151C2CA3E589DBF1B481B50A2	C


Sorry, about the weird formatting, I'm posting the log again.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-12-13 01:45:57

# local_time=2012-12-12 08:45:57 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=3591 16777213 100 95 0 117869742 0 0

# compatibility_mode=5893 16776574 100 94 50663135 106906607 0 0

# scanned=484161

# found=10

# cleaned=10

# scan_time=6237

C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 C

C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined) 4781EFFAD9D0938135EF5BA6626A8E482D3B0440 C

C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan (cleaned by deleting - quarantined) 00725FA829B19880824C81D349D3FCF2A1AF8DE9 C

C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 C

C:\TDSSKiller_Quarantine\05.12.2012_00.51.00\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 C

C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) BD1D3BF759D78450B2F5ABD9F29B5EF91D684536 C

C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0001.dta a variant of Win64/Olmarik.AM trojan (cleaned by deleting - quarantined) 4781EFFAD9D0938135EF5BA6626A8E482D3B0440 C

C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0003.dta Win64/Olmarik.AN trojan (cleaned by deleting - quarantined) 00725FA829B19880824C81D349D3FCF2A1AF8DE9 C

C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0007.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 C

C:\TDSSKiller_Quarantine\08.12.2012_22.31.30\tdlfs0001\tsk0008.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 C

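As an added example that is not from this thread and not ESET's own code, here is a Python parser for ESET Online Scanner logs in the form posted above. It reads the `# key=value` header into a dict, splits each detection line into path, verdict, SHA-1 and flag, and then cross-checks the scanner's own found and cleaned counts against the number of detection lines, de-duplicates hits by hash, and counts how many hits lie inside TDSSKiller's quarantine folder (C:\TDSSKiller_Quarantine\, as shown in the log). On the sample constructed from this log the ten hits reduce to five distinct files, each present once in each of the two quarantine folders, and every one of them was already sitting in TDSSKiller's quarantine when ESET found it. The column names, the QUARANTINE_PREFIX constant and the fallback for a log whose tabs were collapsed to spaces are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample, taken from the ESET Online Scanner log posted above with
# the tab separators ESET writes between columns restored. Only the header
# lines the summary needs are kept.
_Q1 = "C:\\TDSSKiller_Quarantine\\05.12.2012_00.51.00\\mbr0000\\tdlfs0000\\"
_Q2 = "C:\\TDSSKiller_Quarantine\\08.12.2012_22.31.30\\tdlfs0001\\"
_HITS = [
    ("tsk0000.dta", "a variant of Win32/Olmarik.AYI trojan", "BD1D3BF759D78450B2F5ABD9F29B5EF91D684536"),
    ("tsk0001.dta", "a variant of Win64/Olmarik.AM trojan", "4781EFFAD9D0938135EF5BA6626A8E482D3B0440"),
    ("tsk0003.dta", "Win64/Olmarik.AN trojan", "00725FA829B19880824C81D349D3FCF2A1AF8DE9"),
    ("tsk0007.dta", "Win32/Olmarik.AFK trojan", "F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1"),
    ("tsk0008.dta", "Win64/Olmarik.AK trojan", "5F329A1069EB6A8151C2CA3E589DBF1B481B50A2"),
]
_ACTION = "(cleaned by deleting - quarantined)"
SAMPLE_ESET_LOG = "\n".join(
    ["ESETSmartInstaller@High as CAB hook log:",
     "OnlineScanner64.ocx - registred OK",
     "# version=8", "# remove_checked=true", "# scanned=484161",
     "# found=10", "# cleaned=10", "# scan_time=6237"]
    + [f"{folder}{name}\t{verdict} {_ACTION}\t{sha1}\tC"
       for folder in (_Q1, _Q2) for name, verdict, sha1 in _HITS]
) + "\n"

# TDSSKiller's quarantine folder as it appears in the log above (assumed fixed).
QUARANTINE_PREFIX = "C:\\TDSSKiller_Quarantine\\"

HEADER_RE = re.compile(r"^#\s*([A-Za-z_]+)=(.*)$")
# Verdict column: optional "a variant of", family, kind, then the action in parentheses.
VERDICT_RE = re.compile(r"^(?P<variant>a variant of )?(?P<family>\S+) (?P<kind>\w+) \((?P<action>[^)]*)\)$")
# Fallback for logs whose tabs were collapsed to spaces (as in the forum repost).
# It assumes the path itself contains no whitespace.
COLLAPSED_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>(?:a variant of )?\S+ \w+ \([^)]*\))\s+"
    r"(?P<sha1>[0-9A-Fa-f]{40})\s+(?P<flag>\S+)$"
)


def parse_detection(line):
    """Parse one detection line into a dict, or return None if it is not one."""
    line = line.rstrip("\r\n")
    if "\t" in line:
        cols = line.split("\t")
        if len(cols) < 4:
            return None
        path, verdict, sha1, flag = cols[0], cols[1], cols[2].strip(), cols[3].strip()
    else:
        m = COLLAPSED_RE.match(line)
        if not m:
            return None
        path, verdict, sha1, flag = m.group("path"), m.group("verdict"), m.group("sha1"), m.group("flag")
    vm = VERDICT_RE.match(verdict.strip())
    if not vm or not re.fullmatch(r"[0-9A-Fa-f]{40}", sha1):
        return None
    return {
        "path": path,
        "family": vm.group("family"),
        "kind": vm.group("kind"),
        "action": vm.group("action"),
        "variant": vm.group("variant") is not None,
        "sha1": sha1.upper(),
        "flag": flag,
    }


def parse_eset_log(text):
    """Split an ESET Online Scanner log into its '# key=value' header and detections."""
    header, detections = {}, []
    for line in text.splitlines():
        hm = HEADER_RE.match(line)
        if hm:
            header[hm.group(1)] = hm.group(2).strip()
            continue
        det = parse_detection(line)
        if det:
            detections.append(det)
    return header, detections


def summarize(text):
    """Cross-check the scanner's own counts and de-duplicate hits by SHA-1."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", -1))
    return {
        "found": found,
        "cleaned": cleaned,
        "detections": len(detections),
        "consistent": found == cleaned == len(detections),
        "distinct_hashes": len({d["sha1"] for d in detections}),
        "families": Counter(d["family"] for d in detections),
        "already_quarantined": sum(
            1 for d in detections if d["path"].lower().startswith(QUARANTINE_PREFIX.lower())),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_ESET_LOG).items():
        print(f"{key}: {value}")
```

Two checks matter for a helper reading such a log: `consistent` confirms that nothing ESET counted as found was left uncleaned, and `already_quarantined` equal to `detections` tells you the hits were copies inside another tool's quarantine rather than live files, which is why the same five hashes appear twice.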

I would urge you to ensure that all your online passwords are changed and to take steps to protect yourself against possible identity theft, since the system had a number of trojans.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

Here is some additional information:

Danger: Remote Access Trojans http://www.microsoft.com/technet/security/alerts/info/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Adwcleaner.exe

JRT.exe

Roguekiller.exe

Securitycheck.exe

TDSSKILLER.exe

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention

We are finished here. Best regards.
