
My Browser has been HiJacked I hope you can help



Good afternoon,

I believe my system may be compromised and I cannot figure out how to undo this. Below are my logs from DDS. Please let me know what else I should provide:

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by phil at 19:05:58 on 2012-10-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4641 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\FingerPrint\FingerPrintService.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AirPrint\airprint.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\splwow64.exe

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\FingerPrint\FingerPrint.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe

C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe

C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\phil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler

uRun: [spotify Web Helper] "C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [Conime] %windir%\system32\conime.exe

mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPROG~1.LNK - C:\Program Files (x86)\FingerPrint\FingerPrint.exe

StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVREAL~1.LNK - C:\Program Files (x86)\UV Realtime\UVRTAutostart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8EF916CF-C649-4EC3-8A53-706A022EE6C6} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll

BHO-X64: LastPass Browser Helper Object - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [Conime] %windir%\system32\conime.exe

mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]

R2 FingerPrint;FingerPrint Service;C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start --> C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start [?]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-24 8704]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]

R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-29 517632]

R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-8-29 315392]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-31 2348352]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-4-22 474168]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-18 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-14 243232]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]

R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250288]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

.

=============== Created Last 30 ================

.

2012-09-30 06:02:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\offreg.dll

2012-09-28 09:22:48 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\mpengine.dll

2012-09-26 08:04:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-23 00:53:42 -------- d-----w- C:\Users\phil\AppData\Roaming\Malwarebytes

2012-09-23 00:53:34 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-23 00:53:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-23 00:53:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-23 00:48:15 125952 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CBF9.tmp.dat

2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-09-22 07:01:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-09-22 07:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2012-09-22 07:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2012-09-22 07:01:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll

2012-09-22 07:01:00 140936 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll

2012-09-21 01:02:17 9573296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-09-20 23:07:42 -------- d-----w- C:\Users\phil\Tracing

2012-09-18 10:29:32 -------- d-----w- C:\Program Files\Enigma Software Group

2012-09-18 10:28:16 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP

2012-09-18 04:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-09-18 04:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-09-18 04:16:49 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-18 04:14:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iTunes

2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iPod

2012-09-14 22:19:22 -------- d-----w- C:\Program Files (x86)\GOG.com

2012-09-12 08:40:37 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 08:40:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 08:40:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 08:40:35 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 08:40:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 08:40:30 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 08:40:30 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-09 22:42:22 -------- d-----w- C:\Users\phil\AppData\Roaming\Galaxy on Fire 2 Full HD

2012-09-04 22:23:17 -------- d-----w- C:\.dcsample_pictures

2012-09-04 22:20:49 -------- d-----w- C:\Users\phil\AppData\Roaming\gcstar

2012-09-04 22:20:01 -------- d-----w- C:\Program Files (x86)\GCstar

2012-09-04 21:57:55 -------- d-----w- C:\Users\phil\AppData\Local\Collectorz.com

2012-09-04 21:57:50 -------- d-----w- C:\Program Files (x86)\Collectorz.com

2012-09-03 23:06:51 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

.

==================== Find3M ====================

.

2012-09-21 01:02:47 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-21 01:02:47 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2011-08-16 02:52:12 13571624 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe

.

============= FINISH: 19:07:19.26 ===============


In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, your thread will be closed in THREE (3) days.

:)

Hello there, Phil Collins

 


I'm Conspire, I'll be glad to help you with your computer problems.

 

Please observe these rules while we work:

  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

 

---------------------------------------------------------------------------------------------------

 

Sorry for the delayed response. Do you still need help with this? If yes, kindly describe the problems and symptoms that you may have experienced in detail.

 

Thanks

 

---------------------------------------------------------------------------------------------------


Very important: does this occur only in Firefox, or across all the web browsers you have?

 

Any other symptoms that you are experiencing apart from the redirect (e.g. warning pop-ups)?

 

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

 

Download TDSSKiller.exe and save it to your desktop

 

Execute TDSSKiller.exe by double-clicking on it.

Press Start Scan

If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.

Once complete, a log will be produced at the root of the drive, which is typically C:, for example C:\TDSSKiller.<version_date_time>log.txt

 

===================================================

 

On your next reply please post :

aswMBR log

MBR.dat (attachment)

TDSS Killer log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!
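A read-only look at exactly the per-browser settings a redirect hijack usually alters, and which the OTL scan later in this thread reports (IE start page and search-scope URLs per hive, the WinINet proxy values, the Firefox prefs.js entries and whether a user.js exists), lets a defender answer the "only Firefox, or all browsers?" question before any cleanup tool runs. The PowerShell below is an added example written for this thread; it is not part of the helper's instructions nor of any of the tools named here. It assumes IE 9 and Firefox on 64-bit Windows 7 with default profile locations, and its "review" heuristic (flagging any search-scope URL that does not point at google.com or bing.com) is an assumption, not a rule from the page. It prints settings for review and changes nothing.

```powershell
# Added example, not part of the helper's instructions or of DDS/OTL.
# Read-only triage of the browser settings OTL reports; assumes IE 9 and Firefox
# on 64-bit Windows 7 with default profile locations. Nothing is modified.

function Get-RegValue([string]$Path, [string]$Name) {
    # Return a registry value, or $null without throwing when the key or value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item -ne $null -and $item.PSObject.Properties[$Name] -ne $null) { return $item.$Name }
    return $null
}

# 64-bit Windows keeps a separate 32-bit view (Wow6432Node); OTL shows both as IE:64bit and IE.
$SoftwareRoots = @('HKLM:\Software', 'HKLM:\Software\Wow6432Node', 'HKCU:\Software')

function Show-IEStartPages {
    # OTL lists these as "IE - HKLM/HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page".
    foreach ($root in $SoftwareRoots) {
        $main = "$root\Microsoft\Internet Explorer\Main"
        foreach ($name in 'Start Page', 'Default_Page_URL', 'Local Page') {
            '{0,-30} {1,-16} {2}' -f $root, $name, (Get-RegValue $main $name)
        }
    }
}

function Show-IESearchScopes {
    # Each scope GUID carries a "URL"; DefaultScope names the GUID the address bar uses.
    # Heuristic (assumption): flag any URL that does not point at google.com or bing.com.
    foreach ($root in $SoftwareRoots) {
        $scopes  = "$root\Microsoft\Internet Explorer\SearchScopes"
        $default = Get-RegValue $scopes 'DefaultScope'
        "$root  DefaultScope = $default"
        Get-ChildItem -Path $scopes -ErrorAction SilentlyContinue | ForEach-Object {
            $url  = Get-RegValue $_.PSPath 'URL'
            $mark = ''
            if ($url -notmatch '^https?://(www\.)?(google|bing)\.com/') { $mark  = '   <-- review' }
            if ($_.PSChildName -eq $default)                            { $mark += '   (default)' }
            '  {0} {1}{2}' -f $_.PSChildName, $url, $mark
        }
    }
}

function Show-WinInetProxy {
    # OTL reports ProxyEnable/ProxyOverride from this key. A proxy or PAC script set here
    # affects IE and every WinINet-based program, so a redirect can originate here too.
    $inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $enable = Get-RegValue $inet 'ProxyEnable'
    $pac    = Get-RegValue $inet 'AutoConfigURL'
    'ProxyEnable = {0}  ProxyServer = {1}  ProxyOverride = {2}  AutoConfigURL = {3}' -f `
        $enable, (Get-RegValue $inet 'ProxyServer'), (Get-RegValue $inet 'ProxyOverride'), $pac
    if ($enable -eq 1 -or $pac) { '   <-- a proxy or PAC script is configured; review it' }
}

function Show-FirefoxPrefs {
    # Mirrors the "FF - prefs.js.." lines: proxy type, enabled add-ons, home page, and
    # whether a user.js exists (it re-applies its settings over prefs.js at every start).
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem -Path $profiles -ErrorAction SilentlyContinue | ForEach-Object {
        "Firefox profile: $($_.Name)"
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            Select-String -Path $prefs -Pattern 'network\.proxy\.type|extensions\.enabledAddons|browser\.startup\.homepage' |
                ForEach-Object { '  ' + $_.Line.Trim() }
        }
        if (Test-Path (Join-Path $_.FullName 'user.js')) { '  user.js present: review it' }
        else                                              { '  user.js - File not found' }
    }
}

'== Internet Explorer start pages =='; Show-IEStartPages
'== Internet Explorer search scopes =='; Show-IESearchScopes
'== WinINet proxy (HKCU) =='; Show-WinInetProxy
'== Firefox =='; Show-FirefoxPrefs
```

Run it from an elevated PowerShell prompt so the HKLM views are readable; compare the output with the IE and FF sections of an OTL log, which list the same keys. Values that differ between the 64-bit and Wow6432Node views, a search scope that is neither Google nor Bing, or ProxyEnable = 1 with an unexpected server are the lines worth raising in the thread rather than fixing by hand.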


Thanks. That helps a lot. Now I know where we should be heading.

 

Please read through these instructions to familiarize yourself with what to expect when this tool runs

 

Refer to the ComboFix User's Guide

 

 

Download ComboFix from one of these locations:

Link 1

Link 2

 

 

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

 

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs

 

 

====================================================

 

 

Double click on combofix.exe & follow the prompts.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Very good!

 

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

OTL logfile created on: 10/8/2012 12:53:41 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.99 Gb Total Physical Memory | 3.89 Gb Available Physical Memory | 48.63% Memory free

15.98 Gb Paging File | 10.99 Gb Available in Paging File | 68.74% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.72 Gb Total Space | 169.02 Gb Free Space | 18.40% Space Free | Partition Type: NTFS

Drive D: | 902.25 Gb Total Space | 161.60 Gb Free Space | 17.91% Space Free | Partition Type: NTFS

Drive H: | 1397.26 Gb Total Space | 687.95 Gb Free Space | 49.24% Space Free | Partition Type: NTFS

Drive W: | 7.46 Gb Total Space | 6.98 Gb Free Space | 93.55% Space Free | Partition Type: FAT32

 

Computer Name: MOOCOW | User Name: phil | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\phil\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Users\phil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)

PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\FingerPrint\FingerPrintService.exe (Collobos Software)

PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe (Plex, Inc.)

PRC - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe ()

PRC - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)

PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\Helper.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)

PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)

PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)

PRC - C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)

PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GPBook.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files (x86)\eFax Messenger 4.4\J2GPlus.exe (j2 Global Communications, Inc.)

PRC - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)

PRC - C:\OEM\USBDECTION\USBS3S4Detection.exe ()

PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)

PRC - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)

PRC - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll ()

MOD - C:\Users\phil\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\tag.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\JavascriptCore.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll ()

MOD - C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tray\93975812864c17fc41ee7cd4d92c2aa1\Inkjet.Tray.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Google.GData.Client\909cbb3cddffd9f3c12080fc4f3f84f4\Google.GData.Client.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Picasa\dcc301b44b97c0624a3683d211694fee\Inkjet.Picasa.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.PhotoBucket\4d8b098d3ff9ed95545ecb942e823ac6\Inkjet.PhotoBucket.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Flickr\c518e7e720452a9f44b5634ce3b24367\Inkjet.Flickr.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Facebook\104f56e6aaac350ef60332acac26c912\Inkjet.Facebook.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Editing\8abfeaa6522fd0f5b947a52846c7e166\Inkjet.Editing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Destination\4089c98567e600cde51beb871b943019\Inkjet.Destination.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Browse\b4d99aa57b5f0f120f76c2a489fce11f\Inkjet.Browse.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EastmanKodakCompany#\af5fe45e9295216b7d5bf03226e34c48\EastmanKodakCompany.EasyShare.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.EasyShare\ff483461097fd3d966b92feab6528d1c\Inkjet.EasyShare.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.IO\1be959412a7ea2e9ea10c18b8f721d98\Inkjet.IO.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Helper\fc6e1a2c4a6d06fcd4852d9d4ba3cab6\Helper.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HRIntp.Interop\48eefe51e1b954aa106c9a6822c2e34f\HRIntp.Interop.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Tools\87fcc341251251730f4b32d5847a1a8b\Inkjet.Tools.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scan\997932eb7ac4e619cbed251eae0e5c13\Inkjet.Scan.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AiOHomeCenter\823eb78d1b44dd675b55652d9cf0951d\AiOHomeCenter.ni.exe ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Scanning\d294d39e60545d16d3cee90a65b066c5\Inkjet.Scanning.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\4a939fe61e0b13d1f8d4d252f68abda0\Inkjet.Automation.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Windows\cb53ab1b9ad1b63d4f888af63932ade6\Inkjet.Windows.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Printing\1206f877b17b28c643b3cc57353c83fb\Inkjet.Printing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\132f0d3bdd8a0c5aaa116a7c2a3fa7f3\Inkjet.DeviceSettings.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ShellLib\cc6d956d81e21886f5308aaadfed28f7\ShellLib.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\ada4223c4f1033bbde3de717551416f5\Inkjet.Utilities.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\05c5e140000f0db1a540c4fcde234e4e\Inkjet.Localization.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\656570e73bb248bdcbc918987c7e8624\Inkjet.Diagnostics.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\1e93b1ebc6132e4a7e18fee3aabf551a\Interop.WIA.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\f165ea00266bc4a83a533c23686ef715\Inkjet.Hardware.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\6e986bb8ce5b666873743d97f9708648\Inkjet.Statistics.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.EKAiO2SDKLib\240d5e0943c8db375164cda9ed934009\Interop.EKAiO2SDKLib.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\fea5b8b89a5c4d9130274f59527cfdd1\Inkjet.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\InkjetCore\29e6e616fcb2dd7e933a6c5f0a1e15bf\InkjetCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CommonControls\b60b4a7c44a003da13d794e7c06764a9\CommonControls.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Kodak\AiO\Center\Inkjet.PrintProject.dll ()

MOD - C:UsersphilAppDat[email protected]lastpass.complatformWINNT_x86-msvccomponentslpxpcom.dll ()

MOD - C:\Program Files (x86)\Kodak\AiO\Center\EastmanKodakCompany.EasyShare.dll ()

MOD - C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()

MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()

MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll ()

MOD - C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

SRV:64bit: - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)

SRV:64bit: - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)

SRV:64bit: - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer Group)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (FingerPrint) -- C:\Program Files (x86)\FingerPrint\FingerPrintService.exe (Collobos Software)

SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)

SRV - (AirPrint) -- C:\Program Files (x86)\AirPrint\airprint.exe (Apple Inc.)

SRV - (McciServiceHost) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)

SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()

SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)

DRV:64bit: - (MRESP50a64) -- C:\Program Files\Common Files\Motive\MRESP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV:64bit: - (MREMP50a64) -- C:\Program Files\Common Files\Motive\MREMP50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)

DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)

DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)

DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)

DRV:64bit: - (SndTAudio) -- C:\Windows\SysNative\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS442US442

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: [email protected]:1.6

FF - prefs.js..extensions.enabledAddons: [email protected]:2.00

FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.0

FF - prefs.js..extensions.enabledAddons: [email protected]:1.0

FF - prefs.js..extensions.enabledAddons: {473f9a20-ce5a-11da-a94d-0800200c9a66}:0.7

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - [email protected]/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF:64bit: - [email protected]/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - [email protected]/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - [email protected]/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - [email protected]/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - [email protected]/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - [email protected]/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - [email protected]/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - [email protected]/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - [email protected]/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - [email protected]/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - [email protected]/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - [email protected]/GoogleTalkPlugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - [email protected]/O3DPlugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - [email protected]/Google Update;version=3: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/UnityPlayer,version=1.0: C:\Users\phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



64bit-FF - [email protected]t.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/04/02 06:18:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 21:52:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/24 10:25:31 | 000,000,000 | ---D | M]

FF - [email protected]t.com: C:Program FilesESETESET NOD32 AntivirusMozilla Thunderbird [2012/04/02 06:18:34 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 15.0.1extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/09/11 21:52:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 15.0.1extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/06/24 10:25:31 | 000,000,000 | ---D | M]

 

[2012/05/11 20:50:38 | 000,000,000 | ---D | M] (No name found) -- C:UsersphilAppDataRoamingMozillaExtensions

[2012/05/11 20:50:38 | 000,000,000 | ---D | M] (No name found) -- C:[email protected]org

[2012/09/03 19:06:53 | 000,000,000 | ---D | M] (No name found) -- C:UsersphilAppDataRoamingMozillaFirefoxProfilesg5dfm5sk.defaultextensions

[2012/06/21 19:00:08 | 000,000,000 | ---D | M] (LastPass) -- C:UsersphilAppDat[email protected]lastpass.com

[2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:UsersphilAppDa[email protected]balandro.net.xpi

[2012/09/03 19:06:53 | 000,230,013 | ---- | M] () (No name found) -- C:UsersphilAppDataRoa[email protected]mozilla.doslash.org.xpi

[2012/04/27 17:18:09 | 000,272,844 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozi[email protected]jetpack.xpi

[2012/05/26 23:31:27 | 000,401,328 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozi[email protected]jetpack.xpi

[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:UsersphilAppDataRo[email protected]vsgtbubccc.org.xpi

[2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozillaFirefoxProfilesg5dfm5sk.defaultextensions{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi

[2012/01/10 19:29:15 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/09/11 21:52:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpwachk.dll

[2012/09/03 19:06:50 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2012/09/03 19:06:50 | 000,002,253 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:UsersphilAppDataLocalGoogleChromeApplication16.0.912.63gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:WindowsSysWOW64MacromedFlashNPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:Program Files (x86)AdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:Program Files (x86)QuickTimepluginsnpqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:UsersphilAppDataRoamingMozillapluginsnpgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:UsersphilAppDataRoamingMozillapluginsnpgtpo3dautoplugin.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:PROGRAM FILES (X86)FOXIT SOFTWAREFOXIT READERpluginsnpFoxitReaderPlugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll

CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll

CHR - plugin: Unity Player (Enabled) = C:UsersphilAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.2_0

CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.14_1

CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.4_0

CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2012/10/07 13:17:44 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar64.dll (LastPass)

O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar.dll (LastPass)

O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar64.dll (LastPass)

O3:64bit: - HKLM..Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation)

O3 - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar.dll (LastPass)

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..Run: [egui] C:Program FilesESETESET NOD32 Antivirusegui.exe (ESET)

O4:64bit: - HKLM..Run: [EKIJ5000StatusMonitor] C:WindowsSysNativespooldriversx643EKIJ5000MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..Run: [iAAnotif] C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [Launch LCore] C:Program FilesLogitech Gaming SoftwareLCore.exe (Logitech Inc.)

O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..Run: [Zune Launcher] C:Program FilesZuneZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [Carbonite Backup] C:Program Files (x86)CarboniteCarbonite BackupCarboniteUI.exe (Carbonite, Inc.)

O4 - HKLM..Run: [Conime] %windir%system32conime.exe File not found

O4 - HKLM..Run: [DNS7reminder] C:Program Files (x86)NuanceNaturallySpeaking11EregEreg.exe (Nuance Communications, Inc.)

O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:Windowssystem32spoolDRIVERSx643EKIJ5000MUI.exe File not found

O4 - HKLM..Run: [Gateway Photo Frame] C:Program Files (x86)Gateway Photo FrameButtonMonitor.exe (IOI)

O4 - HKLM..Run: [LogitechQuickCamRibbon] C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe ()

O4 - HKLM..Run: [PMBVolumeWatcher] C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe (Sony Corporation)

O4 - HKCU..Run: [ApplePhotoStreams] C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..Run: [eFax 4.4] C:Program Files (x86)eFax Messenger 4.4J2GDllCmd.exe (j2 Global Communications, Inc.)

O4 - HKCU..Run: [iCloudServices] C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe (Apple Inc.)

O4 - HKCU..Run: [iSUSPM] C:ProgramDataFLEXnetConnect11ISUSPM.exe (Acresso Corporation)

O4 - HKCU..Run: [Pando Media Booster] C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe ()

O4 - HKCU..Run: [Plex Media Server] C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe (Plex, Inc.)

O4 - HKCU..Run: [spotify Web Helper] C:UsersphilAppDataRoamingSpotifyDataSpotifyWebHelper.exe ()

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..Run: [steam] C:Program Files (x86)Steamsteam.exe (Valve Corporation)

O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersphilAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk = C:Program Files (x86)eFax Messenger 4.4J2GTray.exe (j2 Global Communications, Inc.)

O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk = C:Program Files (x86)FingerPrintFingerPrint.exe (Collobos Software)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8:64bit: - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found

O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found

O8 - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found

O8 - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found

O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar64.dll (LastPass)

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU..Trusted Domains: $talisma_url$ ([]https in Trusted sites)

O15 - HKCU..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU..Trusted Domains: localhost ([]* in Local intranet)

O15 - HKCU..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5}: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{8EF916CF-C649-4EC3-8A53-706A022EE6C6}: DhcpNameServer = 192.168.1.254

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/10/08 00:52:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe

[2012/10/07 13:17:51 | 000,000,000 | ---D | C] -- C:$RECYCLE.BIN

[2012/10/06 23:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/10/06 23:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/10/06 23:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/10/06 23:48:33 | 004,762,471 | R--- | C] (Swearware) -- C:UsersphilDesktopComboFix.exe

[2012/10/06 23:48:02 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/10/06 23:47:19 | 000,000,000 | ---D | C] -- C:Windowserdnt

[2012/10/06 09:38:04 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:UsersphilDesktoptdsskiller.exe

[2012/10/06 09:35:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe

[2012/10/05 19:54:43 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingj2 Global

[2012/10/05 19:54:08 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingeFax Messenger

[2012/10/05 19:54:07 | 000,000,000 | ---D | C] -- C:ProgramDataeFax Messenger 4.4 Output

[2012/10/05 19:53:59 | 000,000,000 | ---D | C] -- C:UsersphilDocumentseFax Messenger 4.4

[2012/10/05 19:53:58 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramseFax Messenger 4.4

[2012/10/05 19:53:24 | 000,000,000 | ---D | C] -- C:Program Files (x86)eFax Messenger 4.4

[2012/10/04 19:57:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCarbonite

[2012/09/27 18:43:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiCloud

[2012/09/26 04:04:58 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe

[2012/09/22 20:53:42 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMalwarebytes

[2012/09/22 20:53:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2012/09/22 20:53:34 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2012/09/22 20:53:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2012/09/22 20:53:33 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2012/09/22 03:01:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/09/22 03:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/09/22 03:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/09/22 03:00:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/09/22 03:00:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/09/22 03:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/09/22 03:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/09/22 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/09/22 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/09/22 03:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/09/22 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/09/22 03:00:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll

[2012/09/22 03:00:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/09/22 03:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll

[2012/09/22 03:00:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/09/20 19:07:42 | 000,000,000 | ---D | C] -- C:UsersphilTracing

[2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuPrograms7-Zip

[2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:Program Files7-Zip

[2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:Program FilesEnigma Software Group

[2012/09/18 00:19:09 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy

[2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/09/18 00:16:53 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/09/18 00:16:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:WindowsSysNativedriversGEARAspiWDM.sys

[2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:ProgramData34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/09/14 18:19:24 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com

[2012/09/14 18:19:22 | 000,000,000 | ---D | C] -- C:Program Files (x86)GOG.com

[2012/09/12 04:40:36 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll

[2012/09/12 04:40:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys

[2012/09/12 04:40:30 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversnetio.sys

[2012/09/12 04:40:30 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversFWPKCLNT.SYS

[2012/09/09 18:42:22 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingGalaxy on Fire 2 Full HD

[2011/08/15 22:52:11 | 013,571,624 | ---- | C] (LastPass) -- C:Program Files (x86)Common Fileslpuninstall.exe

[2 C:Windows*.tmp files -> C:Windows*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/10/08 01:02:00 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job

[2012/10/08 00:59:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/10/08 00:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe

[2012/10/08 00:44:00 | 000,000,904 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001UA.job

[2012/10/07 14:59:01 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/10/07 14:35:04 | 000,000,359 | ---- | M] () -- C:UsersphilDesktopprofile.bin

[2012/10/07 13:17:44 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/10/07 10:27:45 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/10/07 10:27:24 | 2140,491,775 | -HS- | M] () -- C:hiberfil.sys

[2012/10/07 06:44:00 | 000,000,852 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001Core.job

[2012/10/06 23:46:28 | 004,762,471 | R--- | M] (Swearware) -- C:UsersphilDesktopComboFix.exe

[2012/10/06 09:54:35 | 000,000,497 | ---- | M] () -- C:UsersphilDesktopMBR.zip

[2012/10/06 09:45:37 | 000,000,512 | ---- | M] () -- C:UsersphilDesktopMBR.dat

[2012/10/06 09:37:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersphilDesktoptdsskiller.exe

[2012/10/06 09:34:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe

[2012/10/05 19:54:06 | 000,001,031 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk

[2012/10/05 19:54:06 | 000,001,002 | ---- | M] () -- C:UsersphilDesktopeFax Compose Fax 4.4.lnk

[2012/10/05 19:54:06 | 000,000,995 | ---- | M] () -- C:UsersphilDesktopeFax Messenger 4.4.lnk

[2012/10/04 19:57:33 | 000,002,139 | ---- | M] () -- C:UsersPublicDesktopCarbonite InfoCenter.lnk

[2012/10/02 18:54:01 | 000,001,007 | ---- | M] () -- C:UsersPublicDesktopHero Lab.lnk

[2012/10/01 06:27:37 | 000,000,854 | ---- | M] () -- C:Usersphil.recently-used.xbel

[2012/09/26 18:45:20 | 000,002,484 | ---- | M] () -- C:UsersphilDesktopGoogle Chrome.lnk

[2012/09/22 22:52:31 | 000,001,086 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk

[2012/09/22 20:53:35 | 000,001,116 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/09/20 21:02:47 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2012/09/20 21:02:47 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2012/09/18 17:53:15 | 000,793,184 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/09/18 17:53:15 | 000,660,296 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/09/18 17:53:15 | 000,121,224 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/09/18 00:19:09 | 000,001,289 | ---- | M] () -- C:UsersphilApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/09/18 00:19:09 | 000,001,265 | ---- | M] () -- C:UsersphilDesktopSpybot - Search & Destroy.lnk

[2012/09/18 00:16:53 | 000,001,790 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2012/09/14 18:19:24 | 000,002,106 | ---- | M] () -- C:UsersPublicDesktopFaster Than Light.lnk

[2012/09/09 12:50:08 | 000,000,734 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120918-063047.backup

[2 C:Windows*.tmp files -> C:Windows*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/10/07 14:35:02 | 000,000,359 | ---- | C] () -- C:UsersphilDesktopprofile.bin

[2012/10/06 23:51:26 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/10/06 23:51:26 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/10/06 23:51:26 | 000,098,816 | ---- | C] () -- C:Windowssed


Hi there,

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    [2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:UsersphilAppDa[email protected]balandro.net.xpi
    [2012/09/03 19:06:53 | 000,230,013 | ---- | M] () (No name found) -- C:UsersphilAppDataRoa[email protected]mozilla.doslash.org.xpi
    [2012/04/27 17:18:09 | 000,272,844 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozi[email protected]jetpack.xpi
    [2012/05/26 23:31:27 | 000,401,328 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozillaFirefoxProfile[email protected]
    [2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:UsersphilAppDataRo[email protected]vsgtbubccc.org.xpi
    [2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:UsersphilAppDataRoamingMozillaFirefoxProfilesg5dfm5sk.defaultextensions{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fix log as well as a new OTL log, produced by rerunning OTL after the reboot without the custom scan script.
===================================================

 

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
===================================================

 

I need you to make a batch file.

 

Open a new Notepad session

 

  • Click the Start button, click Run
  • In the run box type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
    @Echo on
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0

In the notepad

 

Click File, Save as..., and set the Save in to your Desktop

In the filename box, type (including quotation marks) as the filename: "flush.bat"

Click Save

 

 

You should now have a file named flush.bat on your desktop.

 

Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off; that's normal.

 

===================================================

 

On your next reply please post :

OTL fix log

Fresh OTL log

AdwCleaner log

 

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

 

Good Day!

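An added example (not from this thread or from OTL's authors), in Python: it parses OTL file-entry lines in the format of the log above, flags profile .xpi extensions that OTL could not resolve to a name, and emits the :OTL fix block in the form used in the reply. The log lines, the extension IDs and the consonant-run heuristic in `looks_random` are constructed for the example and are not part of OTL.

```python
"""Triage Firefox extension entries in an OTL log and build an :OTL fix block.

The sample log lines below are constructed for this example; paths and
extension IDs are placeholders modelled on the log format, not real data.
"""
import re
from dataclasses import dataclass

# OTL file/folder entry: [date time | size | attrs | M|C] (Company) (Name) -- path
# Zero, one or two parenthesised labels may precede the " -- " separator.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?P<labels>(?:\s*\([^)]*\))*)\s*-- (?P<path>.+)$"
)

# Constructed sample: one legitimate extension folder, three unnamed .xpi
# files in the profile's extensions folder, and two non-extension entries.
SAMPLE_LOG = r"""
[2012/06/21 19:00:08 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\support@lastpass.com
[2011/12/14 00:57:28 | 000,060,571 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\toolbar@example-balandro.net.xpi
[2012/05/27 13:17:52 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\addon@vsgtbubccc.org.xpi
[2011/09/01 09:38:54 | 000,026,347 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\extensions\{473f9a20-ce5a-11da-a94d-0800200c9a66}.xpi
[2012/09/11 21:52:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/03 19:06:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
"""


@dataclass
class OtlEntry:
    raw: str          # the log line exactly as written (reused in the fix script)
    stamp: str
    size: int
    is_dir: bool
    labels: list      # e.g. ['', 'No name found'], ['LastPass'] or []
    path: str


def parse_entry(line):
    """Return an OtlEntry for a file/folder line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        raw=line.strip(),
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        is_dir="D" in m.group("attrs"),
        labels=re.findall(r"\(([^)]*)\)", m.group("labels")),
        path=m.group("path"),
    )


def extension_id(path):
    """Last path component without its .xpi suffix, e.g. 'addon@vsgtbubccc.org'."""
    name = path.rsplit("\\", 1)[-1]
    return name[:-4] if name.lower().endswith(".xpi") else name


def looks_random(token):
    """Constructed heuristic: a run of five or more consonants with no vowel."""
    return re.search(r"[bcdfghjklmnpqrstvwxz]{5,}", token.lower()) is not None


def triage(entries):
    """Return (entry, reasons) for .xpi files in an extensions folder that OTL
    could not name, had no publisher, or carry a random-looking domain."""
    findings = []
    for e in entries:
        if e.is_dir or not e.path.lower().endswith(".xpi"):
            continue
        if "\\extensions\\" not in e.path.lower():
            continue
        reasons = []
        if "No name found" in e.labels:
            reasons.append("no name resolved")
        if "" in e.labels:                     # an empty "()" company field
            reasons.append("no publisher")
        ident = extension_id(e.path)
        if looks_random(ident.split("@")[-1].split(".")[0]):
            reasons.append(f"random-looking id '{ident}'")
        if reasons:
            findings.append((e, reasons))
    return findings


def build_otl_fix(findings, commands=("EMPTYTEMP", "RESETHOSTS", "CREATERESTOREPOINT")):
    """Emit an OTL Custom Scans/Fixes script: flagged log lines verbatim under
    :OTL (OTL moves those files), followed by the :Commands directives."""
    lines = [":OTL"] + [e.raw for e, _ in findings] + ["", ":Commands"]
    lines += [f"[{c}]" for c in commands]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage([e for e in map(parse_entry, SAMPLE_LOG.splitlines()) if e])
    for entry, why in found:
        print(f"{extension_id(entry.path)}: {', '.join(why)}")
    print(build_otl_fix(found))
```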

What you had was a malicious toolbar installed that caused the redirect. It's been addressed now. :)

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.
Combofix /Uninstall
Posted Image

 

===================================================

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

 

--------------------------------------------------------------------------------------------------------------

 

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

 

 

Passwords

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.

 

 

SPYWARE PREVENTION

This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an add-on available for both Firefox and IE.

  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

  • Download hosts.zip and Save it to your Desktop.
  • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
  • Follow the prompts and click 'Finish'.
  • This will open the newly created hosts folder on your Desktop.
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • Once updated you should see another prompt that the task was completed.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

 

Hopefully this should take care of your problems! Good luck.

 

Do you have any questions or problems to ask? Please do not hesitate to do so.

 

**Please respond this one more time to ensure it is resolved and close this topic.

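The HOSTS file advice above cuts both ways: the same mechanism that lets the MVPS file sink ad domains to 127.0.0.1 is also a classic way a browser hijacker silently redirects search engines, banks or update servers to a host of its choosing. As an added example (not code from the original thread or from MVPS), here is a small Python checker that parses a HOSTS file and flags every mapping whose target is not a local sink address (0.0.0.0 or loopback). The sample HOSTS content, the hijack entries in it and the 203.0.113.x / 198.51.100.x addresses are constructed for the example; the Windows path in the `__main__` block is the standard location of the file.

```python
import ipaddress
import sys

# Constructed sample HOSTS content (not taken from the original thread).
# The last two lines are hypothetical hijacks: well-known hosts pointed at remote machines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ad.doubleclick.net
0.0.0.0  www.bad-ads.example      # typical MVPS-style block entry
203.0.113.7  www.google.com        # hypothetical hijack of a search engine
198.51.100.5  update.microsoft.com # hypothetical hijack of an update server
"""

# Addresses a blocking HOSTS file is allowed to map names to.
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping in a HOSTS file.

    Comments (everything after '#') and blank lines are skipped, and a single
    line may map several hostnames to one address. Lines whose first field is
    not a valid IP address are ignored rather than treated as mappings.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address; the resolver would not use it either
        for name in names:
            entries.append((ip, name.lower(), line_no))
    return entries


def find_hijacks(text, local_sinks=LOCAL_SINKS):
    """Return the mappings whose target is neither 0.0.0.0 nor a loopback address.

    A blocking HOSTS file only ever needs to sink names locally. Any other
    target redirects that hostname to a machine somebody else controls, which
    is exactly how a HOSTS-based browser hijack works.
    """
    hijacks = []
    for ip, name, line_no in parse_hosts(text):
        if ip in local_sinks or ipaddress.ip_address(ip).is_loopback:
            continue
        hijacks.append({"line": line_no, "host": name, "target": ip})
    return hijacks


def check_hosts_file(path):
    """Read a HOSTS file from disk and return its suspicious mappings."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(fh.read())


if __name__ == "__main__":
    # Default to the Windows HOSTS location; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    for hit in check_hosts_file(target):
        print("line {line}: {host} -> {target}".format(**hit))
```

Run it with no arguments on the machine being cleaned, or point it at a copy of the file; an empty result means every entry sinks locally, and each printed line is a name that would resolve to a remote address before DNS is even consulted. The constructed sample yields two hits, the Google and Microsoft redirections, and passes the MVPS-style 0.0.0.0 entries through untouched.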
This topic is now closed to further replies.