Phil Collins, posted October 1, 2012

Good afternoon, I believe my system may be compromised and I cannot figure out how to undo this. Below are my logs from DDS. Please let me know what else I should provide:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by phil at 19:05:58 on 2012-10-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.4641 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\FingerPrint\FingerPrintService.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\FingerPrint\FingerPrint.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\phil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [spotify Web Helper] "C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPROG~1.LNK - C:\Program Files (x86)\FingerPrint\FingerPrint.exe
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVREAL~1.LNK - C:\Program Files (x86)\UV Realtime\UVRTAutostart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8EF916CF-C649-4EC3-8A53-706A022EE6C6} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 FingerPrint;FingerPrint Service;C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start --> C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-24 8704]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-29 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-8-29 315392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-31 2348352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-4-22 474168]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-18 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-14 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250288]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2012-09-30 06:02:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\offreg.dll
2012-09-28 09:22:48 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\mpengine.dll
2012-09-26 08:04:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 00:53:42 -------- d-----w- C:\Users\phil\AppData\Roaming\Malwarebytes
2012-09-23 00:53:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 00:53:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 00:53:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 00:48:15 125952 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CBF9.tmp.dat
2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-22 07:01:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-09-22 07:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-09-22 07:01:00 140936 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-09-21 01:02:17 9573296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-20 23:07:42 -------- d-----w- C:\Users\phil\Tracing
2012-09-18 10:29:32 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-18 10:28:16 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-18 04:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-18 04:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-18 04:16:49 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-18 04:14:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iTunes
2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iPod
2012-09-14 22:19:22 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-09-12 08:40:37 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 08:40:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 08:40:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 08:40:35 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 08:40:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 08:40:30 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 08:40:30 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 22:42:22 -------- d-----w- C:\Users\phil\AppData\Roaming\Galaxy on Fire 2 Full HD
2012-09-04 22:23:17 -------- d-----w- C:\.dcsample_pictures
2012-09-04 22:20:49 -------- d-----w- C:\Users\phil\AppData\Roaming\gcstar
2012-09-04 22:20:01 -------- d-----w- C:\Program Files (x86)\GCstar
2012-09-04 21:57:55 -------- d-----w- C:\Users\phil\AppData\Local\Collectorz.com
2012-09-04 21:57:50 -------- d-----w- C:\Program Files (x86)\Collectorz.com
2012-09-03 23:06:51 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-21 01:02:47 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 01:02:47 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2011-08-16 02:52:12 13571624 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 19:07:19.26 ===============
Conspire, posted October 5, 2012

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so will have your thread closed in THREE (3) days.

Hello there, Phil Collins. I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
- Read the entire procedure. It is important to perform ALL actions in sequence.
- If you don't know, stop and ask! Don't keep going on.
- Please reply to this thread. Do not start a new topic.
- Stick with me till you're given the all clear. Remember, absence of symptoms does not mean the infection is all gone.
- Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Sorry for the delayed response. Do you still need help with this? If yes, kindly describe the problems and symptoms that you may have experienced in detail.

Thanks

---------------------------------------------------------------------------------------------------
Phil Collins (Author) Posted October 5, 2012

Yes, I still need assistance. If I search Google, about 3 in 10 search results send me someplace other than the result.
Conspire Posted October 6, 2012

Very important: does this occur only in Firefox or across all the web browsers you have? Any other symptoms that you are experiencing apart from the redirect, i.e. warning pop-ups, etc.?

Please download aswMBR.exe and save it to your desktop.
- Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
- Allow it to update where necessary.
- Click Scan.
- Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.

Note - do NOT attempt any Fix yet.

You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.

===================================================

Download TDSSKiller.exe and save it to your desktop.
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan.
- If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
- Once complete, a log will be produced at the root drive, which is typically C:, for example C:\TDSSKiller.<version_date_time>_log.txt

===================================================

On your next reply please post:
- aswMBR log
- MBR.dat (attachment)
- TDSSKiller log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Phil Collins (Author) Posted October 6, 2012

Thanks again for your assistance. The issue only appears to happen in Firefox. When I click a link in Google, I get redirected to something other than what I selected. Chrome does not do this. I do not use IE.

Attachments: TDSSKiller.2.8.10.0_06.10.2012_09.45.43_log.txt, MBR.zip, aswMBR.txt
Conspire Posted October 6, 2012

Thanks. That helps a lot. Now I know where we should be heading.

Please read through these instructions to familiarize yourself with what to expect when this tool runs. Refer to the ComboFix User's Guide.

Download ComboFix from one of these locations: Link 1, Link 2
* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Phil Collins (Author) Posted October 7, 2012

Took a while, but here we are...

Attachment: ComboFix.txt
Conspire Posted October 8, 2012

Very good!

Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click on Minimal Output at the top.
- Download the following file, scan.txt, to your Desktop. Click here to download it. You may need to right click on it and select "Save".
- Double click inside the Custom Scan box at the bottom. A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel". Click the OK button and navigate to the file scan.txt which we just saved to your desktop.
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
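The OTL report requested above is plain text, and its FireFox section lists the add-on IDs enabled in prefs.js beside the extension entries OTL found in the profile folder. As an added example (not part of this thread, and not OTL's own code), the Python script below parses lines in that layout and pairs each enabled add-on with its on-disk entry, so a helper reading the log can see at a glance which enabled add-ons OTL could not name and which have no file under the profile at all. It also records the network.proxy.type preference, since a proxy configured only inside Firefox is one of the settings worth checking when a symptom is confined to that browser. The sample lines, the user name, the profile folder and the add-on IDs are constructed placeholders, not values from this thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample lines in the layout of OTL's "FireFox" section. The user
# name, profile folder, add-on IDs and timestamps are placeholders, not values
# taken from the thread.
SAMPLE_OTL_LINES = [
    "========== FireFox ==========",
    "FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0",
    "FF - prefs.js..extensions.enabledAddons: qwzxpl@qwzxpl.example:1.0",
    "FF - prefs.js..extensions.enabledAddons: {00000000-1111-2222-3333-444444444444}:0.7",
    "FF - prefs.js..network.proxy.type: 0",
    "FF - user.js - File not found",
    r"[2012/06/21 19:00:08 | 000,000,000 | ---D | M] (LastPass) -- "
    r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions\support@lastpass.com",
    r"[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- "
    r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\extensions\qwzxpl@qwzxpl.example.xpi",
]

ENABLED_RE = re.compile(r"^FF - prefs\.js\.\.extensions\.enabledAddons: (?P<entry>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<value>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<mtime>[^|\]]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| [A-Z]\] "
    r"(?P<tags>.*?) -- (?P<path>.+)$"
)


@dataclass
class AddonReport:
    addon_id: str
    version: str
    name: Optional[str] = None   # display name OTL read from the add-on, if any
    installed: bool = False      # a matching entry exists under the profile's extensions dir
    flags: List[str] = field(default_factory=list)


def _name_from_tags(tags: str) -> Optional[str]:
    """'(LastPass)' -> 'LastPass'; '() (No name found)' -> None."""
    names = [n for n in re.findall(r"\(([^()]*)\)", tags) if n]
    if not names or names[-1] == "No name found":
        return None
    return names[-1]


def _addon_id_from_path(path: str) -> str:
    """Last path component with a trailing .xpi removed."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf[:-4] if leaf.lower().endswith(".xpi") else leaf


def triage_firefox_section(lines) -> dict:
    """Pair each enabled add-on from prefs.js with its on-disk entry and flag gaps."""
    prefs: Dict[str, str] = {}
    addons: List[AddonReport] = []
    on_disk: Dict[str, Optional[str]] = {}  # add-on id -> name OTL found (or None)
    for line in lines:
        m = ENABLED_RE.match(line)
        if m:
            addon_id, _, version = m.group("entry").rpartition(":")
            addons.append(AddonReport(addon_id, version))
            continue
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = m.group("value")
            continue
        m = FILE_RE.match(line)
        if m and "\\extensions\\" in m.group("path"):
            on_disk[_addon_id_from_path(m.group("path"))] = _name_from_tags(m.group("tags"))
    for rep in addons:
        if rep.addon_id in on_disk:
            rep.installed = True
            rep.name = on_disk[rep.addon_id]
            if rep.name is None:
                rep.flags.append("unnamed")          # OTL could not read a display name
        else:
            rep.flags.append("no_profile_file")      # may be installed elsewhere; locate it
    notes = []
    if prefs.get("network.proxy.type", "0") != "0":
        notes.append("network.proxy.type is not 0: Firefox uses its own proxy settings")
    return {"prefs": prefs, "addons": addons, "notes": notes}


if __name__ == "__main__":
    result = triage_firefox_section(SAMPLE_OTL_LINES)
    for rep in result["addons"]:
        print(f"{rep.addon_id:45} {rep.version:6} {rep.name or '-':10} {','.join(rep.flags) or 'ok'}")
    for note in result["notes"]:
        print("note:", note)
```

To use it on a real report, pass the lines of OTL.Txt to triage_firefox_section. The flags are prompts to look at an add-on more closely (open the .xpi, read its install manifest, check where it came from), not a verdict about it: OTL reports "No name found" for any add-on whose name it could not read, and an enabled add-on with no file under the profile may simply live in the application's global extensions folder.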
Phil Collins (Author) Posted October 8, 2012

OTL logfile created on: 10/8/2012 12:53:41 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 48.63% Memory free
15.98 Gb Paging File | 10.99 Gb Available in Paging File | 68.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.72 Gb Total Space | 169.02 Gb Free Space | 18.40% Space Free | Partition Type: NTFS
Drive D: | 902.25 Gb Total Space | 161.60 Gb Free Space | 17.91% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 687.95 Gb Free Space | 49.24% Space Free | Partition Type: NTFS
Drive W: | 7.46 Gb Total Space | 6.98 Gb Free Space | 93.55% Space Free | Partition Type: FAT32

Computer Name: MOOCOW | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Users\phil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\FingerPrint\FingerPrintService.exe (Collobos Software)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe ()
PRC - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\Helper.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GPBook.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GPlus.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()
MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\tag.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\JavascriptCore.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tray\93975812864c17fc41ee7cd4d92c2aa1\Inkjet.Tray.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\909cbb3cddffd9f3c12080fc4f3f84f4\Google.GData.Client.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Picasa\dcc301b44b97c0624a3683d211694fee\Inkjet.Picasa.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.PhotoBucket\4d8b098d3ff9ed95545ecb942e823ac6\Inkjet.PhotoBucket.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Flickr\c518e7e720452a9f44b5634ce3b24367\Inkjet.Flickr.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Facebook\104f56e6aaac350ef60332acac26c912\Inkjet.Facebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Editing\8abfeaa6522fd0f5b947a52846c7e166\Inkjet.Editing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Destination\4089c98567e600cde51beb871b943019\Inkjet.Destination.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Browse\b4d99aa57b5f0f120f76c2a489fce11f\Inkjet.Browse.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EastmanKodakCompany#\af5fe45e9295216b7d5bf03226e34c48\EastmanKodakCompany.EasyShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.EasyShare\ff483461097fd3d966b92feab6528d1c\Inkjet.EasyShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.IO\1be959412a7ea2e9ea10c18b8f721d98\Inkjet.IO.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Helper\fc6e1a2c4a6d06fcd4852d9d4ba3cab6\Helper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\48eefe51e1b954aa106c9a6822c2e34f\HRIntp.Interop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tools\87fcc341251251730f4b32d5847a1a8b\Inkjet.Tools.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scan\997932eb7ac4e619cbed251eae0e5c13\Inkjet.Scan.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AiOHomeCenter\823eb78d1b44dd675b55652d9cf0951d\AiOHomeCenter.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scanning\d294d39e60545d16d3cee90a65b066c5\Inkjet.Scanning.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\4a939fe61e0b13d1f8d4d252f68abda0\Inkjet.Automation.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Windows\cb53ab1b9ad1b63d4f888af63932ade6\Inkjet.Windows.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Printing\1206f877b17b28c643b3cc57353c83fb\Inkjet.Printing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\132f0d3bdd8a0c5aaa116a7c2a3fa7f3\Inkjet.DeviceSettings.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ShellLib\cc6d956d81e21886f5308aaadfed28f7\ShellLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\ada4223c4f1033bbde3de717551416f5\Inkjet.Utilities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\05c5e140000f0db1a540c4fcde234e4e\Inkjet.Localization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\656570e73bb248bdcbc918987c7e8624\Inkjet.Diagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\1e93b1ebc6132e4a7e18fee3aabf551a\Interop.WIA.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\f165ea00266bc4a83a533c23686ef715\Inkjet.Hardware.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\6e986bb8ce5b666873743d97f9708648\Inkjet.Statistics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.EKAiO2SDKLib\240d5e0943c8db375164cda9ed934009\Interop.EKAiO2SDKLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\fea5b8b89a5c4d9130274f59527cfdd1\Inkjet.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\29e6e616fcb2dd7e933a6c5f0a1e15bf\InkjetCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CommonControls\b60b4a7c44a003da13d794e7c06764a9\CommonControls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Kodak\AiO\Center\Inkjet.PrintProject.dll ()
MOD - C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll ()
MOD - C:\Program Files (x86)\Kodak\AiO\Center\EastmanKodakCompany.EasyShare.dll ()
MOD - C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll ()
MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FingerPrint) -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe (Collobos Software)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)
SRV - (McciServiceHost) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (MRESP50a64) -- C:\Program Files\Common Files\Motive\MRESP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (MREMP50a64) -- C:\Program Files\Common Files\Motive\MREMP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS442US442
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: denggb@balandro.net:1.6
FF - prefs.js..extensions.enabledAddons: exif_viewer@mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: vsgtbubccc@vsgtbubccc.org:1.0
FF - prefs.js..extensions.enabledAddons: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.7
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/04/02 06:18:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 21:52:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/24 10:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/04/02 06:18:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 21:52:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/24 10:25:31 | 000,000,000 | ---D | M]

[2012/05/11 20:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Extensions
[2012/05/11 20:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2012/09/03 19:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions
[2012/06/21 19:00:08 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\support@lastpass.com
[2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\denggb@balandro.net.xpi
[2012/09/03 19:06:53 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012/04/27 17:18:09 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/05/26 23:31:27 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\vsgtbubccc@vsgtbubccc.org.xpi
[2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
[2012/01/10 19:29:15 | 000,000,000 | ---D | M] (No name found) --
C:Program Files (x86)Mozilla Firefoxextensions [2012/09/11 21:52:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll [2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpwachk.dll [2012/09/03 19:06:50 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml [2012/09/03 19:06:50 | 000,002,253 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:WindowsSysWOW64MacromedFlashNPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files 
(x86)QuickTimepluginsnpqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:UsersphilAppDataRoamingMozillapluginsnpgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:UsersphilAppDataRoamingMozillapluginsnpgtpo3dautoplugin.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:PROGRAM FILES (X86)FOXIT SOFTWAREFOXIT READERpluginsnpFoxitReaderPlugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll CHR - plugin: Unity Player (Enabled) = 
C:UsersphilAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.2_0 CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.14_1 CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.4_0 CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/10/07 13:17:44 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O3:64bit: - HKLM..Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation) O3 - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..Run: [egui] C:Program FilesESETESET NOD32 Antivirusegui.exe (ESET) O4:64bit: - HKLM..Run: [EKIJ5000StatusMonitor] C:WindowsSysNativespooldriversx643EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..Run: [iAAnotif] C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..Run: [Launch LCore] C:Program FilesLogitech Gaming SoftwareLCore.exe (Logitech Inc.) O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..Run: [Zune Launcher] C:Program FilesZuneZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKLM..Run: [Carbonite Backup] C:Program Files (x86)CarboniteCarbonite BackupCarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..Run: [Conime] %windir%system32conime.exe File not found O4 - HKLM..Run: [DNS7reminder] C:Program Files (x86)NuanceNaturallySpeaking11EregEreg.exe (Nuance Communications, Inc.) 
O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:Windowssystem32spoolDRIVERSx643EKIJ5000MUI.exe File not found O4 - HKLM..Run: [Gateway Photo Frame] C:Program Files (x86)Gateway Photo FrameButtonMonitor.exe (IOI) O4 - HKLM..Run: [LogitechQuickCamRibbon] C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe () O4 - HKLM..Run: [PMBVolumeWatcher] C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe (Sony Corporation) O4 - HKCU..Run: [ApplePhotoStreams] C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..Run: [eFax 4.4] C:Program Files (x86)eFax Messenger 4.4J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKCU..Run: [iCloudServices] C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe (Apple Inc.) O4 - HKCU..Run: [iSUSPM] C:ProgramDataFLEXnetConnect11ISUSPM.exe (Acresso Corporation) O4 - HKCU..Run: [Pando Media Booster] C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe () O4 - HKCU..Run: [Plex Media Server] C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe (Plex, Inc.) O4 - HKCU..Run: [spotify Web Helper] C:UsersphilAppDataRoamingSpotifyDataSpotifyWebHelper.exe () O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..Run: [steam] C:Program Files (x86)Steamsteam.exe (Valve Corporation) O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersphilAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk = C:Program Files (x86)eFax Messenger 4.4J2GTray.exe (j2 Global Communications, Inc.) 
O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk = C:Program Files (x86)FingerPrintFingerPrint.exe (Collobos Software) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8:64bit: - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU..Trusted Domains: $talisma_url$ ([]https in Trusted sites) O15 - HKCU..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: localhost ([]* in Local intranet) O15 - HKCU..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5}: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{8EF916CF-C649-4EC3-8A53-706A022EE6C6}: DhcpNameServer = 192.168.1.254 O18:64bit: - ProtocolHandlerlivecall - No CLSID value found O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlerms-itss - No CLSID value found O18:64bit: - ProtocolHandlermsnim - No CLSID value found O18:64bit: - ProtocolHandlerskype4com - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) 
- C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/08 00:52:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe [2012/10/07 13:17:51 | 000,000,000 | ---D | C] -- C:$RECYCLE.BIN [2012/10/06 23:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/10/06 23:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/10/06 23:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/10/06 23:48:33 | 004,762,471 | R--- | C] (Swearware) -- C:UsersphilDesktopComboFix.exe [2012/10/06 23:48:02 | 000,000,000 | ---D | C] -- C:Qoobox [2012/10/06 23:47:19 | 000,000,000 | ---D | C] -- C:Windowserdnt [2012/10/06 09:38:04 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) 
-- C:UsersphilDesktoptdsskiller.exe [2012/10/06 09:35:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe [2012/10/05 19:54:43 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingj2 Global [2012/10/05 19:54:08 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingeFax Messenger [2012/10/05 19:54:07 | 000,000,000 | ---D | C] -- C:ProgramDataeFax Messenger 4.4 Output [2012/10/05 19:53:59 | 000,000,000 | ---D | C] -- C:UsersphilDocumentseFax Messenger 4.4 [2012/10/05 19:53:58 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramseFax Messenger 4.4 [2012/10/05 19:53:24 | 000,000,000 | ---D | C] -- C:Program Files (x86)eFax Messenger 4.4 [2012/10/04 19:57:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCarbonite [2012/09/27 18:43:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiCloud [2012/09/26 04:04:58 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe [2012/09/22 20:53:42 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMalwarebytes [2012/09/22 20:53:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware [2012/09/22 20:53:34 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes [2012/09/22 20:53:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys [2012/09/22 20:53:33 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware [2012/09/22 03:01:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll [2012/09/22 03:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll [2012/09/22 03:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll [2012/09/22 03:00:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll [2012/09/22 03:00:59 | 000,231,936 | ---- | C] (Microsoft 
Corporation) -- C:WindowsSysWow64url.dll [2012/09/22 03:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe [2012/09/22 03:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe [2012/09/22 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll [2012/09/22 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl [2012/09/22 03:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll [2012/09/22 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl [2012/09/22 03:00:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll [2012/09/22 03:00:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll [2012/09/22 03:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll [2012/09/22 03:00:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll [2012/09/20 19:07:42 | 000,000,000 | ---D | C] -- C:UsersphilTracing [2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuPrograms7-Zip [2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:Program Files7-Zip [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:Program FilesEnigma Software Group [2012/09/18 00:19:09 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy [2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/09/18 00:16:53 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2012/09/18 00:16:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:WindowsSysNativedriversGEARAspiWDM.sys [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiTunes [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiPod [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:ProgramData34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/14 18:19:24 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com [2012/09/14 18:19:22 | 000,000,000 | ---D | C] -- C:Program Files (x86)GOG.com [2012/09/12 04:40:36 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll [2012/09/12 04:40:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys [2012/09/12 04:40:30 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversnetio.sys [2012/09/12 04:40:30 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversFWPKCLNT.SYS [2012/09/09 18:42:22 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingGalaxy on Fire 2 Full HD [2011/08/15 22:52:11 | 013,571,624 | ---- | C] (LastPass) -- C:Program Files (x86)Common Fileslpuninstall.exe [2 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/08 01:02:00 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/10/08 00:59:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/10/08 00:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe [2012/10/08 00:44:00 | 000,000,904 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001UA.job [2012/10/07 14:59:01 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/10/07 14:35:04 | 000,000,359 | ---- | M] () -- C:UsersphilDesktopprofile.bin [2012/10/07 13:17:44 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- 
C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 10:27:45 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/10/07 10:27:24 | 2140,491,775 | -HS- | M] () -- C:hiberfil.sys [2012/10/07 06:44:00 | 000,000,852 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001Core.job [2012/10/06 23:46:28 | 004,762,471 | R--- | M] (Swearware) -- C:UsersphilDesktopComboFix.exe [2012/10/06 09:54:35 | 000,000,497 | ---- | M] () -- C:UsersphilDesktopMBR.zip [2012/10/06 09:45:37 | 000,000,512 | ---- | M] () -- C:UsersphilDesktopMBR.dat [2012/10/06 09:37:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersphilDesktoptdsskiller.exe [2012/10/06 09:34:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe [2012/10/05 19:54:06 | 000,001,031 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk [2012/10/05 19:54:06 | 000,001,002 | ---- | M] () -- C:UsersphilDesktopeFax Compose Fax 4.4.lnk [2012/10/05 19:54:06 | 000,000,995 | ---- | M] () -- C:UsersphilDesktopeFax Messenger 4.4.lnk [2012/10/04 19:57:33 | 000,002,139 | ---- | M] () -- C:UsersPublicDesktopCarbonite InfoCenter.lnk [2012/10/02 18:54:01 | 000,001,007 | ---- | M] () -- C:UsersPublicDesktopHero Lab.lnk [2012/10/01 06:27:37 | 000,000,854 | ---- | M] () -- C:Usersphil.recently-used.xbel [2012/09/26 18:45:20 | 000,002,484 | ---- | M] () -- C:UsersphilDesktopGoogle Chrome.lnk [2012/09/22 22:52:31 | 000,001,086 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk [2012/09/22 20:53:35 | 000,001,116 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/09/20 21:02:47 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- 
C:WindowsSysWow64FlashPlayerApp.exe [2012/09/20 21:02:47 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/09/18 17:53:15 | 000,793,184 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/09/18 17:53:15 | 000,660,296 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/09/18 17:53:15 | 000,121,224 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/09/18 00:19:09 | 000,001,289 | ---- | M] () -- C:UsersphilApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/09/18 00:19:09 | 000,001,265 | ---- | M] () -- C:UsersphilDesktopSpybot - Search & Destroy.lnk [2012/09/18 00:16:53 | 000,001,790 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/09/14 18:19:24 | 000,002,106 | ---- | M] () -- C:UsersPublicDesktopFaster Than Light.lnk [2012/09/09 12:50:08 | 000,000,734 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120918-063047.backup [2 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/07 14:35:02 | 000,000,359 | ---- | C] () -- C:UsersphilDesktopprofile.bin [2012/10/06 23:51:26 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/10/06 23:51:26 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/10/06 23:51:26 | 000,098,816 | ---- | C] () -- C:Windowssed
Conspire Posted October 9, 2012

Hi there,

Run OTL.exe. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:OTL
[2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\denggb@balandro.net.xpi
[2012/09/03 19:06:53 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012/04/27 17:18:09 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/05/26 23:31:27 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\vsgtbubccc@vsgtbubccc.org.xpi
[2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
:Commands
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]

Then click the Run Fix button at the top. Let the program run unhindered, and reboot when it is done. Then post the Fix OTL log as well as a new OTL log by rerunning it after reboot without the custom scans script.

===================================================

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically.
A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
===================================================

I need you to make a batch file.

Open a new Notepad session:
Click the Start button, click Run.
In the run box type notepad.
Click OK.
In the notepad, click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do not copy the word CODE.

@Echo on
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

In the notepad click File, Save as..., and set the Save in to your Desktop.
In the filename box, type (including quotation marks) as the filename: "flush.bat"
Click Save.
You should now have a file on your desktop with an icon like this.
Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off; that's normal.

===================================================

On your next reply please post:
OTL fix log
Fresh OTL log
AdwCleaner log

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
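The OTL fix above keys on the Firefox extension entries the log lists with no name or publisher, and on the add-on ids that prefs.js reports as enabled. The following is an added example (not part of this thread, and not OTL's or the helper's own code) that automates that triage in Python: it parses the `enabledAddons` lines and the extension-file lines of an OTL log, skips an analyst-maintained allowlist (`KNOWN_GOOD`, an assumption here), flags every enabled add-on whose package carries `(No name found)` or has no file at all, and renders the flagged file lines in the same `:OTL` section shape the fix uses. The sample log is constructed from the entries in this thread, with the backslashes the forum copy dropped restored.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the OTL log above (ids, sizes and dates
# mirror the thread; backslashes lost in the forum copy are restored).
SAMPLE_LOG = r"""
FF - prefs.js..extensions.enabledAddons: denggb@balandro.net:1.6
FF - prefs.js..extensions.enabledAddons: exif_viewer@mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: vsgtbubccc@vsgtbubccc.org:1.0
FF - prefs.js..extensions.enabledAddons: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.7
[2012/06/21 19:00:08 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\support@lastpass.com
[2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\denggb@balandro.net.xpi
[2012/09/03 19:06:53 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\vsgtbubccc@vsgtbubccc.org.xpi
[2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
"""

# prefs.js line: "FF - prefs.js..extensions.enabledAddons: <id>:<version>"
ENABLED_RE = re.compile(
    r"^FF - prefs\.js\.\.extensions\.enabledAddons:\s*(?P<id>.+):(?P<ver>[^:\s]+)\s*$"
)
# file line: "[stamp | size | attrs | M] (Company) (Name) -- path"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*[MC]\]\s*"
    r"(?P<labels>(?:\([^)]*\)\s*)*)--\s*(?P<path>.+?)\s*$"
)

# Analyst-maintained allowlist of add-on ids known to be legitimate (assumed).
KNOWN_GOOD = {"support@lastpass.com"}


@dataclass
class Finding:
    addon_id: str
    version: str
    path: str
    size: int
    reason: str


def parse_otl_firefox(text):
    """Return (enabled add-ons {id: version}, extension files {id: info})."""
    enabled, files = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENABLED_RE.match(line)
        if m:
            enabled[m["id"]] = m["ver"]
            continue
        m = FILE_RE.match(line)
        if m:
            path = m["path"]
            leaf = path.replace("/", "\\").rsplit("\\", 1)[-1]
            # A packed add-on is "<id>.xpi"; an unpacked one is a "<id>" folder.
            addon_id = leaf[:-4] if leaf.lower().endswith(".xpi") else leaf
            files[addon_id] = {
                "raw": line,
                "path": path,
                "size": int(m["size"].replace(",", "")),
                "named": "(No name found)" not in m["labels"],
            }
    return enabled, files


def triage(text, known_good=KNOWN_GOOD):
    """Flag enabled add-ons that are unnamed in the listing or have no file."""
    enabled, files = parse_otl_firefox(text)
    findings = []
    for addon_id, ver in enabled.items():
        if addon_id in known_good:
            continue
        info = files.get(addon_id)
        if info is None:
            findings.append(Finding(addon_id, ver, "", 0,
                                    "enabled in prefs.js but no extension file listed"))
        elif not info["named"]:
            findings.append(Finding(addon_id, ver, info["path"], info["size"],
                                    "enabled add-on with no name/publisher in the OTL listing"))
    return findings


def otl_fix_block(text, known_good=KNOWN_GOOD):
    """Render the flagged file lines as the :OTL section of a fix script."""
    _, files = parse_otl_firefox(text)
    lines = [files[f.addon_id]["raw"] for f in triage(text, known_good) if f.path]
    return ":OTL\n" + "\n".join(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.addon_id} v{f.version}: {f.reason}")
    print(otl_fix_block(SAMPLE_LOG))
```

The allowlist is the judgment call: an unnamed .xpi is only a lead, so the output is a review list for the analyst, not an automatic removal. The `(No name found)` criterion catches the two toolbar packages the helper removed in this thread, but also a legitimately unsigned add-on, which is exactly why the flagged lines are rendered for review before they go into a fix.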
Phil Collins (Author) Posted October 11, 2012

Sorry for the delay.

OTL.Txt
fix otl.txt
AdwCleanerS1.txt
Conspire Posted October 12, 2012

No worries. How is it running so far?
Phil Collins Posted October 12, 2012 Author

Smooth as glass. Can you tell me what you saw?
Conspire Posted October 12, 2012

What you had was a malicious toolbar installed that caused the redirect. It's been addressed now.

Follow these steps to uninstall ComboFix:
Click START then RUN.
Now copy/paste the code into the run box and click OK. Note the space between the ..X and the /U, it needs to be there.

    ComboFix /Uninstall

===================================================

Clean up with OTL:
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the CLEANUP button.
Say Yes to the prompt and then allow the program to reboot your computer.

===================================================

Thank you for your patience, and for performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? by TonyKlein
How to Prevent Malware by miekiemoes
PC Safety and Security--What Do I Need?
To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an add-on available for both Firefox and IE.

SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here.

MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here.
Download hosts.zip and save it to your Desktop.
Right-click hosts.zip and select 'Extract all files' or 'Extract files...'. Follow the prompts and click 'Finish'. This will open the newly created hosts folder on your Desktop.
Double-click on the included mvps.bat file; this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Once updated you should see another prompt that the task was completed.

Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions or problems to ask? Please do not hesitate to do so.

**Please respond this one more time to ensure it is resolved and close this topic.
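Both hosts-file steps in this thread ([RESETHOSTS] in the OTL fix, and the MVPS hosts file recommended in the last post) turn on one distinction: a hosts file that maps ad or tracker domains to 127.0.0.1 or 0.0.0.0 is a blocklist, while one that maps a real site to some other address is a redirect hijack, and one that sinkholes a vendor's update domain is blocking your protection. The Python script below is an added example for auditing a Windows HOSTS file along those lines; it is not a tool used or posted by anyone in this thread. The sample hosts content is constructed here, and the list of protected vendor domains is an illustrative assumption, not a complete list.

```python
"""Audit a Windows HOSTS file and separate blocklist entries from hijacks.

Added example for this thread (not the posters' tooling). Assumes the standard
hosts format: one IP followed by one or more names per line, '#' comments.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Targets a blocklist-style hosts file (e.g. MVPS) legitimately sinkholes to.
SINKHOLE_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Names the stock Windows hosts file maps to loopback; never flagged.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Illustrative (assumed) list of domains that should never be sinkholed:
# AV/update domains are a classic target for malware that wants to stay put.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "eset.com", "malwarebytes.org",
)


@dataclass
class HostsReport:
    sinkholed: list[tuple[str, str]] = field(default_factory=list)       # (name, ip)
    hijacked: list[tuple[str, str, int]] = field(default_factory=list)   # (name, ip, line)
    blocked_security: list[tuple[str, str]] = field(default_factory=list)
    malformed: list[tuple[int, str]] = field(default_factory=list)       # (line, raw)
    blank_run: int = 0  # longest run of blank lines (padding used to hide entries)


def _is_protected(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def parse_hosts(text: str) -> HostsReport:
    """Classify every mapping in a hosts file body."""
    report = HostsReport()
    run = 0
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            # Some hijackers pad the file with blank lines so the malicious
            # entries sit far below what Notepad shows; record the longest run.
            run += 1
            report.blank_run = max(report.blank_run, run)
            continue
        run = 0
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            report.malformed.append((lineno, raw))
            continue
        if len(parts) < 2:
            report.malformed.append((lineno, raw))
            continue
        for name in parts[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES and ip.is_loopback:
                continue  # stock localhost entry
            if str(ip) in SINKHOLE_TARGETS:
                if _is_protected(name):
                    report.blocked_security.append((name, str(ip)))
                else:
                    report.sinkholed.append((name, str(ip)))
            else:
                # A real name pointed at a non-loopback address: a redirect.
                report.hijacked.append((name, str(ip), lineno))
    return report


def audit_file(path: str) -> HostsReport:
    """Convenience wrapper for a real file, e.g. C:\\Windows\\System32\\drivers\\etc\\hosts."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


# Constructed sample, not taken from the OP's machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# Sample HOSTS file constructed for this example.
127.0.0.1       localhost
::1             localhost
# blocklist-style entries (what the MVPS file adds)
0.0.0.0         ads.example-adnetwork.test
127.0.0.1       tracker.example.test
# entries a hijacker might append below padding



203.0.113.7     www.bank.example
203.0.113.7     www.search.example   # search redirect
127.0.0.1       update.eset.com
not-an-ip       foo
"""

if __name__ == "__main__":
    r = parse_hosts(SAMPLE_HOSTS)
    print("sinkholed:", r.sinkholed)
    print("hijacked:", r.hijacked)
    print("blocked security domains:", r.blocked_security)
    print("malformed:", r.malformed, "longest blank run:", r.blank_run)
```

Run it against the live file with `audit_file(r"C:\Windows\System32\drivers\etc\hosts")`; anything in `hijacked` or `blocked_security` deserves a look before you accept a "clean" verdict, while a long `sinkholed` list is expected after installing the MVPS file.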