Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser re-directs ad nauseum

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser re-directs ad nauseum

Unread postby overdrive148 » April 8th, 2011, 9:19 pm

I bet you guys get a lot of people posting the same kind of problem repeatedly, so I'll try to help as much as I can to get this out of your way so you can help other people with more serious issues. I've been getting re-directs from google, etc recently to monstermarketplace and the like, and would like to stop it. I did a little digging recently and downloaded HijackThis and got the log to post when I did ask for assistance to possibly skip a step or two. I'm running through a full MalwareBytes scan as well as a SpyBot Search & Destroy scan. The last time I ran the two of these in conjunction, the problem persisted. So, without further adieu, the log from HijackThis.

---
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:16:39 PM, on 4/8/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://www.minecraft.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10558 bytes


Again, any help would be much appreciated. I'm not exactly fluent with viruses but I am capable of following directions :P


//edit

Also, I've been on my Yahoo mail a few times and gotten messages from people I haven't talked to in months... years even. They said that they did an IQ test. Something smelled funny, so I did research before clicking anything and found that it was a scam that tried to tack on $20 a month to people's phone bills. I thought it had been a hack on an account of the person, but the next day another "friend" of mine said the exact same text that I saw the previous day. I think it be on my computer instead of via hacked accounts. I reinstalled Yahoo messenger and changed my password as I had read on multiple forums, but no dice. If you guys would help fix this I'd be doubly appreciative. Thanks in advance.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm
Advertisement
Register to Remove

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 9th, 2011, 3:42 pm

Hello... Welcome to the forum.
My name is Elrond, and I'll be helping you with any malware problems.
As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.
The logs I request need to be properly researched and a complete fix for many malware problems can take some time and be spread over a number of posts, so please be patient and try to see it through to the end.
Before we start: Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start.


Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched and can make the cleanup more dificult..
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
    REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

  • Please note that you should have Administrator rights to perform the fixes. (XP accounts are Administrator by default)
    Also note that multiple identity PC's (family PC's) present a different problem; please tell me if your PC has more than one individual's setting, but continue with the fix.Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please Note:
    In Vista and Windows 7 you hopefully are not running as administrator and therefore will need to get into Administrator Mode by... Right clicking the program file & selecting: Run as Administrator.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.


Please note that I will be off line for about 26 hours (sundown Friday until nightfall Saturday my local time) every week.


End of preliminaries. What follows is related to analyzing what is on your computer and cleaning it up.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Please read this viewtopic.php?f=11&t=47959 (especially the second post but you need to read the whole topic) and then post a DDS log and we will take it from there.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 9th, 2011, 6:38 pm

Understood. The logs from DDS are posted below.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Chris at 15:19:06.43 on Sat 04/09/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.3495 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Logitech Gaming Software\LCore.exe
C:\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDRSS.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDCountdown.exe
C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDPop3.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
c:\program files (x86)\steam\steamapps\common\assassin's creed 2\AssassinsCreedIIGame.exe
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\data\4\osis\7\osi.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Steam\GameOverlayUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [BitTorrent DNA] "C:\Program Files (x86)\DNA\btdna.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: minecraft.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/ ... msorun.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
mRun-x64: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
mRun-x64: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\GarageGames\IAPlayer\Plugins\npiaplayer.0.4.2.0.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: InstantAction.com Game Launcher: iaplayer@instantaction.com - %profile%\extensions\iaplayer@instantaction.com
FF - Ext: XULRunner: {E4294DD8-ACD8-4C5D-986A-5968A1142E5A} - C:\Users\Chris\AppData\Local\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-12-25 120912]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-12-25 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-12-25 63568]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-2-14 40384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-3-28 2111368]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-7 2228008]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-7-14 1708800]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-2-14 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-2-14 40384]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2007-8-2 12672]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-5-18 702976]
S3 SaiH0255;SaiH0255;C:\Windows\System32\drivers\SaiH0255.sys [2008-2-15 178304]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2009-12-1 38992]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
.
=============== Created Last 30 ================
.
2011-04-09 18:10:32 -------- d-----w- C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
2011-04-09 18:07:19 -------- d-----w- C:\Users\Chris\AppData\Roaming\Ubisoft
2011-04-09 01:04:06 388096 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-09 01:04:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-01 00:11:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2011-03-22 20:11:50 -------- d-----w- C:\Users\Chris\AppData\Local\CrashRpt
2011-03-22 20:11:38 -------- d-----w- C:\Program Files (x86)\Livestream Procaster
2011-03-22 19:27:54 -------- d-----w- C:\PROGRA~3\SplitMediaLabs
2011-03-22 19:10:47 -------- d-----w- C:\Program Files (x86)\SplitMediaLabs
2011-03-21 19:27:10 -------- d-----w- C:\Program Files\Logitech Gaming Software
2011-03-15 01:58:38 44 ---h--w- C:\Program Files (x86)\694ca0f1.tmp
2011-03-15 01:58:37 -------- d-----w- C:\Program Files (x86)\PingPlotter Standard
2011-03-13 00:13:01 -------- d-----w- C:\Windows\pss
2011-03-10 23:10:48 -------- d-----w- C:\Users\Chris\AppData\Roaming\UnknownApplicationVendor
.
==================== Find3M ====================
.
2011-04-09 00:20:51 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-04-09 00:20:51 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-04-05 05:00:18 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-04-05 04:59:55 266400 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-03-09 23:11:23 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-02-26 01:19:32 41872 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2011-02-26 01:19:32 27536 ----a-w- C:\Windows\System32\xfcodec64.dll
2011-01-26 20:04:38 445440 ----a-w- C:\Users\Chris\AppData\Roaming\Ionic.Zip.dll
2011-01-26 20:04:38 20480 ----a-w- C:\Users\Chris\AppData\Roaming\MwllTorrent.dll
2011-01-26 20:04:38 1806336 ----a-w- C:\Users\Chris\AppData\Roaming\mwll_torrent.dll
2011-01-26 20:04:38 133632 ----a-w- C:\Users\Chris\AppData\Roaming\MWLL.AutoUpdater.exe
2011-01-26 20:04:38 101888 ----a-w- C:\Users\Chris\AppData\Roaming\Shd.dll
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
.
============= FINISH: 15:31:59.14 ===============


and

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2009 6:12:41 PM
System Uptime: 4/9/2011 9:31:57 AM (6 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLA
Processor: AMD Phenom(tm) 9850 Quad-Core Processor | CPU 1 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 427.516 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: 802.11n Wireless PCI Express Card LAN Adapter
Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_760011AD&REV_00\4&12E7B979&0&00A0
Manufacturer: LITE-ON TECHNOLOGY CORPORATION
Name: 802.11n Wireless PCI Express Card LAN Adapter
PNP Device ID: PCI\VEN_1814&DEV_0781&SUBSYS_760011AD&REV_00\4&12E7B979&0&00A0
Service: netr28x
.
==== System Restore Points ===================
.
RP722: 4/8/2011 9:54:21 AM - Windows Update
RP723: 4/8/2011 6:03:20 PM - Installed HiJackThis
RP724: 4/8/2011 11:08:31 PM - Windows Update
RP725: 4/9/2011 11:04:31 AM - Installed DirectX
RP726: 4/9/2011 11:06:14 AM - Installed Ubisoft Game Launcher
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
AIO_CDB_Software
AIO_Scan
Altitude
Amazon Kindle For PC
Apple Application Support
Apple Software Update
ArmA 2 Uninstall
Assassin's Creed II
Audiosurf
avast! Free Antivirus
Battlefield 2: Deluxe Edition
Battlefield: Bad Company™ 2
BF2:Sandbox
BitTorrent
Braid
BufferChm
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Celestia 1.6.0
Copy
Counter-Strike: Source
CryEngine(R)2 Sandbox(TM)2
Crysis 2 Demo
Crysis Wars
Crysis(R)
Curse Client
Destinations
DeviceDiscovery
DNA
DocProc
DogFighter
Dropbox
Dual-Core Optimizer
Dungeons & Dragons Online - Eberron Unlimited™
EVEMon
EVGA Precision 1.9.5
Facebook Plug-In
FAM 1.0.0.0
Fax
Flotilla
Fraps (remove only)
Freelancer
Garry's Mod
GIMP 2.6.8
Google Chrome
GPBaseService2
Graph 4.3
Gratuitous Space Battles
Half-Life
Half-Life 2
Half-Life 2: Episode One
HiJackThis
Homeworld
Homeworld2
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IBM Lotus Forms Viewer 3.5
InstantAction.com Plug-Ins
Java Auto Updater
Java(TM) 6 Update 23
Joint Operations: Typhoon Rising
Left 4 Dead 2
Logitech Vid
LogMeIn Hamachi
Magicka
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.1
Mirror's Edge
Moonbase Alpha
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavyFIELD NorthAmerica
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Office Animation Runtime
OpenOffice.org 3.1
PingPlotter Standard 3.30.4s
Plain Sight
PlanetSide: Aftershock
Portal
PowerISO
PunkBuster for Joint Operations
PunkBuster Services
QuickTime
Rainmeter
Realtek High Definition Audio Driver
Sandbox
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Sins of a Solar Empire Trinity
Skype Toolbars
Skype™ 5.0
SmartWebPrinting
SolutionCenter
SplitMediaLabs VH Screen Capture Driver (x86)
Spybot - Search & Destroy
StarCraft II
Status
Steam
Stellarium 0.10.6.1
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 2 RC2
TeamViewer 5
TeamViewer 6
Toolbox
TrackMania Nations Forever
TrayApp
Ubisoft Game Launcher
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb983486)
WeatherBug
WebReg
WinPcap 4.1.2
World of Tanks closed beta v.0.4.5
World of Warcraft
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 9:51:33 AM, Error: Disk [11] - The driver detected a controller error on \...\DR5.
4/9/2011 9:36:03 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
4/9/2011 9:33:02 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
4/9/2011 9:33:02 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
4/9/2011 9:33:02 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
4/9/2011 3:05:33 PM, Error: Service Control Manager [7023] - The SPP Notification Service service terminated with the following error: Access is denied.
4/8/2011 9:55:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2289158).
4/8/2011 9:55:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Publisher 2007 (KB2284697).
4/8/2011 12:43:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2413381).
4/8/2011 12:42:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Word 2007 (KB2344993).
4/8/2011 12:41:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 (KB2412171).
4/8/2011 12:40:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Access 2007 (KB979440).
4/8/2011 12:39:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 System (KB2288931).
4/8/2011 12:38:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Outlook 2007 (KB2288953).
4/8/2011 11:11:45 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office 2007 System (KB2289158).
4/8/2011 11:10:49 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2007 (KB2284697).
4/8/2011 11:09:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979).
4/8/2011 11:09:40 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB2345035).
4/8/2011 11:09:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2344875).
4/8/2011 11:09:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2345043).
4/8/2011 11:09:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2288621).
4/8/2011 11:09:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2413381).
4/8/2011 11:09:22 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB2344993).
4/8/2011 11:09:18 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Update for Microsoft Office Outlook 2007 (KB2412171).
4/8/2011 11:09:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Access 2007 (KB979440).
4/8/2011 11:09:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office 2007 System (KB2288931).
4/8/2011 11:09:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Outlook 2007 (KB2288953).
4/6/2011 5:01:25 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2508979).
4/3/2011 6:02:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2007 (KB2345035).
4/3/2011 6:01:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for the 2007 Microsoft Office System (KB2344875).
.
==== End Of File ===========================


The help is much appreciated, again :P
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 10th, 2011, 1:12 pm

While I am working through the DDS log I would like you to please post the log from MalwareBytes AntiMalware.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 10th, 2011, 4:51 pm

The log from the scan I was talking about in the first post via MalwareBytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6317

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

4/8/2011 7:27:45 PM
mbam-log-2011-04-08 (19-27-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 694701
Time elapsed: 1 hour(s), 34 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0\676cfd80-19f05a01 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12\64f22d8c-73e45c85 (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20\51370814-6d3b1281 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21\20b47915-13b162a3 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27\2931d9b-23c62d47 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4\3fdb35c4-6b7ad17a (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43\71c712b-5ef6f900 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\3b6872af-2f5aaeb7 (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53\2f534435-7348eb59 (Rogue.Agent) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\LocalLow\Sun\Java\deployment\cache\6.0\61\bb293fd-2750b4bc (Rogue.Agent) -> Quarantined and deleted successfully.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 11th, 2011, 2:56 am

Let's try the following:

OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Minimal Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTListIt.txt and Extras.txt files in your next reply.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 11th, 2011, 11:37 am

Both files, as requested.

OTL logfile created on: 4/11/2011 8:28:45 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 427.01 Gb Free Space | 45.85% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 B3 E3 53 86 EA CB 01 [binary data]
IE - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {E4294DD8-ACD8-4C5D-986A-5968A1142E5A}:1.9.1
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51


FF - HKLM\software\mozilla\Firefox\Extensions\\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}: C:\Users\Chris\AppData\Local\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A} [2010/09/11 20:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 14:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/07 09:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/23 21:09:53 | 000,000,000 | ---D | M]

[2009/12/25 19:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/10 12:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions
[2010/05/03 12:27:19 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/02/10 23:25:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\DeviceDetection@logitech.com
[2010/10/26 21:41:05 | 000,000,000 | ---D | M] (Firesheep) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\firesheep@codebutler.com
[2010/02/02 00:19:42 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\iaplayer@instantaction.com
[2011/04/10 12:33:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/22 10:54:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/28 16:19:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 14:06:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/15 14:01:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2010/09/11 20:30:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}
[2003/03/18 22:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\mfc71.dll
[2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr71.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/19 11:05:00 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\..Trusted Domains: minecraft.net ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\..Trusted Domains: minecraft.net ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/ ... msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O18:64bit: - Protocol\Handler\javascript - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86c062ac-3b47-11df-9534-001fc66ebc57}\Shell - "" = AutoRun
O33 - MountPoints2\{86c062ac-3b47-11df-9534-001fc66ebc57}\Shell\AutoRun\command - "" = I:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: sethtion - (C:\Windows\system32\InfDshta.dll) - C:\Windows\SysWOW64\InfDshta.dll ()
O36 - AppCertDlls: SetImote - (C:\Windows\system32\instexec.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/09 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2011/04/09 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
[2011/04/09 11:07:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2011/04/09 11:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/04/09 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/04/08 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/08 18:04:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/31 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/03/31 17:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/03/23 16:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplitMediaLabs
[2011/03/22 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\CrashRpt
[2011/03/22 13:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2011/03/22 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\scfh
[2011/03/22 12:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/03/22 12:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/03/22 12:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/03/21 12:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2011/03/14 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
[2011/03/14 18:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PingPlotter Standard
[2011/03/12 17:13:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/03/09 16:20:29 | 000,445,440 | ---- | C] (Dino Chiesa) -- C:\Users\Chris\AppData\Roaming\Ionic.Zip.dll
[2011/03/09 16:20:29 | 000,133,632 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Chris\AppData\Roaming\MWLL.AutoUpdater.exe
[2011/03/09 16:20:29 | 000,020,480 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Chris\AppData\Roaming\MwllTorrent.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 08:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/11 08:17:55 | 536,305,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/10 22:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164576052-2210846065-480863280-1001UA.job
[2011/04/10 19:26:17 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/04/10 19:26:17 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/10 18:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164576052-2210846065-480863280-1001Core.job
[2011/04/10 01:00:54 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/10 01:00:54 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/09 22:16:01 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/04/09 17:12:14 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/04/09 09:54:24 | 000,743,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/09 09:54:24 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/09 09:54:24 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/08 18:04:06 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/05 21:59:46 | 004,214,032 | ---- | M] () -- C:\Users\Chris\Documents\100_2482.JPG
[2011/04/05 21:59:43 | 001,932,474 | ---- | M] () -- C:\Users\Chris\Documents\100_2487.JPG
[2011/04/05 21:59:02 | 001,940,486 | ---- | M] () -- C:\Users\Chris\Documents\100_2488.JPG
[2011/04/05 21:58:56 | 001,998,913 | ---- | M] () -- C:\Users\Chris\Documents\100_2492.JPG
[2011/04/04 22:00:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/26 19:39:06 | 000,367,949 | ---- | M] () -- C:\Users\Chris\Desktop\help.png
[2011/03/24 16:39:44 | 000,029,162 | ---- | M] () -- C:\Users\Chris\Desktop\mikelapalette.png
[2011/03/23 20:08:12 | 001,288,803 | ---- | M] () -- C:\Users\Chris\Desktop\mikela.png
[2011/03/21 17:14:18 | 000,263,732 | ---- | M] () -- C:\Users\Chris\Desktop\futuretheme.lvl
[2011/03/20 00:03:04 | 000,898,948 | ---- | M] () -- C:\Users\Chris\Desktop\Julie.png
[2011/03/18 23:57:10 | 000,218,729 | ---- | M] () -- C:\Users\Chris\Desktop\face.png
[2011/03/17 18:36:44 | 000,267,336 | ---- | M] () -- C:\Users\Chris\Desktop\2.png
[2011/03/17 15:22:25 | 000,250,820 | ---- | M] () -- C:\Users\Chris\Desktop\1.png
[2011/03/15 12:46:38 | 000,402,299 | ---- | M] () -- C:\Users\Chris\Desktop\logo.jpg
[2011/03/15 12:46:38 | 000,370,042 | ---- | M] () -- C:\Users\Chris\Desktop\deputy_duck coloring.jpg
[2011/03/14 23:41:46 | 000,721,156 | ---- | M] () -- C:\Users\Chris\Desktop\Rain.jpg
[2011/03/14 19:16:16 | 000,218,601 | ---- | M] () -- C:\Users\Chris\Desktop\pingplot2.jpg
[2011/03/14 19:01:02 | 000,086,408 | ---- | M] () -- C:\Users\Chris\Desktop\pingplotter.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 22:16:01 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/04/08 18:04:06 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/05 21:59:35 | 001,932,474 | ---- | C] () -- C:\Users\Chris\Documents\100_2487.JPG
[2011/04/05 21:59:31 | 004,214,032 | ---- | C] () -- C:\Users\Chris\Documents\100_2482.JPG
[2011/04/05 21:58:56 | 001,940,486 | ---- | C] () -- C:\Users\Chris\Documents\100_2488.JPG
[2011/04/05 21:58:49 | 001,998,913 | ---- | C] () -- C:\Users\Chris\Documents\100_2492.JPG
[2011/03/26 19:39:06 | 000,367,949 | ---- | C] () -- C:\Users\Chris\Desktop\help.png
[2011/03/24 16:39:44 | 000,029,162 | ---- | C] () -- C:\Users\Chris\Desktop\mikelapalette.png
[2011/03/23 20:08:11 | 001,288,803 | ---- | C] () -- C:\Users\Chris\Desktop\mikela.png
[2011/03/21 17:14:17 | 000,263,732 | ---- | C] () -- C:\Users\Chris\Desktop\futuretheme.lvl
[2011/03/20 00:03:03 | 000,898,948 | ---- | C] () -- C:\Users\Chris\Desktop\Julie.png
[2011/03/18 23:57:10 | 000,218,729 | ---- | C] () -- C:\Users\Chris\Desktop\face.png
[2011/03/17 18:36:44 | 000,267,336 | ---- | C] () -- C:\Users\Chris\Desktop\2.png
[2011/03/17 15:21:28 | 000,250,820 | ---- | C] () -- C:\Users\Chris\Desktop\1.png
[2011/03/15 12:47:09 | 000,402,299 | ---- | C] () -- C:\Users\Chris\Desktop\logo.jpg
[2011/03/15 12:47:09 | 000,370,042 | ---- | C] () -- C:\Users\Chris\Desktop\deputy_duck coloring.jpg
[2011/03/14 23:41:45 | 000,721,156 | ---- | C] () -- C:\Users\Chris\Desktop\Rain.jpg
[2011/03/14 19:16:15 | 000,218,601 | ---- | C] () -- C:\Users\Chris\Desktop\pingplot2.jpg
[2011/03/14 19:01:02 | 000,086,408 | ---- | C] () -- C:\Users\Chris\Desktop\pingplotter.jpg
[2011/03/14 16:46:41 | 000,152,168 | ---- | C] () -- C:\Users\Chris\Desktop\cars.lvl
[2011/03/09 16:20:29 | 001,806,336 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\mwll_torrent.dll
[2011/03/09 16:20:29 | 000,101,888 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Shd.dll
[2011/02/25 18:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/01/15 13:55:37 | 000,221,260 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/01/15 13:55:37 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/10/28 14:34:08 | 000,052,736 | -H-- | C] () -- C:\Windows\SysWow64\InfDshta.dll
[2010/10/21 15:41:00 | 000,197,472 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/09/11 20:30:15 | 000,000,120 | ---- | C] () -- C:\Users\Chris\AppData\Local\Mteteqicox.dat
[2010/09/11 20:30:15 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\Wbamuqahivafec.bin
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/19 14:37:33 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/05/25 15:32:38 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/09 17:13:01 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/05/04 09:42:50 | 000,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/26 18:54:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/15 19:52:44 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/15 19:49:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/01 16:00:21 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2010/02/01 15:14:19 | 000,748,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/26 18:16:57 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/01/08 12:32:35 | 000,000,000 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2009/12/25 19:29:31 | 000,007,607 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >


OTL Extras logfile created on: 4/11/2011 8:28:45 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 427.01 Gb Free Space | 45.85% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2DB39FB6-161E-44E7-B2A1-B654C85EFBC1}" = MySQL Server 5.5
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{936596DB-39C5-49D7-AD0C-9BB1BE1AF72C}" = TortoiseSVN 1.6.13.20954 (64 bit)
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DB26471F-EE71-49EB-BF42-65C08AD6C74F}" = MySQL Server 5.1
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EB7C6F78-2A27-4FEF-A98B-5F2698DC4CBF}" = Saitek SD6 Programming Software 6.6.6.9
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2: Deluxe Edition
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks closed beta v.0.4.5
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C00A278-AB5F-4B16-BFEA-514850B99791}" = BF2:Sandbox
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D62E2E7-99D7-4709-8185-0A5EC5A72DF3}" = PlanetSide: Aftershock
"{7E4B7FD9-4ECE-4298-A910-3160B7918059}" = CryEngine(R)2 Sandbox(TM)2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEEB3643-71DE-414d-9E3F-1159177FE211}" = Office Animation Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online - Eberron Unlimited™
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon Kindle For PC" = Amazon Kindle For PC
"ArmA 2" = ArmA 2 Uninstall
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EVEMon" = EVEMon
"FAM" = FAM 1.0.0.0
"Fraps" = Fraps (remove only)
"Freelancer 1.0" = Freelancer
"Graph_is1" = Graph 4.3
"Homeworld" = Homeworld
"Homeworld2" = Homeworld2
"IAPlayer" = InstantAction.com Plug-Ins
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PingPlotter Standard" = PingPlotter Standard 3.30.4s
"PowerISO" = PowerISO
"Precision" = EVGA Precision 1.9.5
"PROR" = Microsoft Office Professional 2007
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"Sandbox" = Sandbox
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12900" = Audiosurf
"Steam App 17340" = Crysis Wars
"Steam App 17410" = Mirror's Edge
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 26800" = Braid
"Steam App 33230" = Assassin's Creed II
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41300" = Altitude
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42500" = DogFighter
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 49900" = Plain Sight
"Steam App 550" = Left 4 Dead 2
"Steam App 55000" = Flotilla
"Steam App 70" = Half-Life
"Steam App 99850" = Crysis 2 Demo
"Stellarium_is1" = Stellarium 0.10.6.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinPcapInst" = WinPcap 4.1.2
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/7/2010 9:30:48 PM | Computer Name = Sasha | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 12th, 2011, 2:09 pm

There is a bit more to do:

*/ ===== For Windows 7 ===== */
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
P2P Program Name

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assitance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate the following program:
    BitTorrent
  3. Click on the Change/Remove button to uninstall it.
  4. When the program(s) have been uninstalled... Close Control Panel.
[/list]
By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program
itself, may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
References... siting risk factors, using P2P programs: Malware: Help prevent the Infection and How to Prevent the Online Invasion of Spyware and Adware



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    [2010/09/11 20:30:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - Reg Error: Value error. File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001..\Run: [BitTorrent DNA] C:\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
    O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
    O15 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\..Trusted Domains: minecraft.net ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-3164576052-2210846065-480863280-1001\..Trusted Domains: minecraft.net ([www] https in Trusted sites)
    O18:64bit: - Protocol\Handler\javascript - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\javascript - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O36 - AppCertDlls: sethtion - (C:\Windows\system32\InfDshta.dll) - C:\Windows\SysWOW64\InfDshta.dll ()
    O36 - AppCertDlls: SetImote - (C:\Windows\system32\instexec.dll) - File not found
    
    
    :Services
    
    
    :Reg
    
    
    :Files
    C:\Windows\SysWow64\InfDshta.dll
    C:\Users\Chris\AppData\Local\Mteteqicox.dat
    C:\Users\Chris\AppData\Local\Wbamuqahivafec.bin
    C:\Windows\SysWow64\pbsvc.exe
    C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}
    
    :Commands
    [purity]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Also let me know how the computer is behaving.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 12th, 2011, 6:02 pm

Log that appeared after restarting (posting because it might be necessary/to avoid another post if it is)
All processes killed
========== OTL ==========
C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}\chrome\content folder moved successfully.
C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}\chrome folder moved successfully.
C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3164576052-2210846065-480863280-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
C:\Program Files (x86)\DNA\btdna.exe moved successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\minecraft.net\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3164576052-2210846065-480863280-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\minecraft.net\www\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\javascript\ deleted successfully.
File Protocol\Handler\javascript - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\javascript\ not found.
File Protocol\Handler\javascript - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\sethtion deleted successfully.
C:\Windows\SysWOW64\InfDshta.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\SetImote deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Windows\SysWow64\InfDshta.dll not found.
C:\Users\Chris\AppData\Local\Mteteqicox.dat moved successfully.
C:\Users\Chris\AppData\Local\Wbamuqahivafec.bin moved successfully.
C:\Windows\SysWow64\pbsvc.exe moved successfully.
File\Folder C:\USERS\CHRIS\APPDATA\LOCAL\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A} not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 1800974 bytes
->Temporary Internet Files folder emptied: 92792165 bytes
->Java cache emptied: 64916965 bytes
->FireFox cache emptied: 57433417 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 29999 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1271082 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 642598397 bytes

Total Files Cleaned = 821.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04122011_144442

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VMJQQN9K\addons-tracker-v4[1].htm moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


The logs of the quick scan, after restart:
, or OTL logfile created on: 4/12/2011 2:52:18 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 426.78 Gb Free Space | 45.82% Space Free | Partition Type: NTFS

Computer Name: SASHA | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 B3 E3 53 86 EA CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51


FF - HKLM\software\mozilla\Firefox\Extensions\\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}: C:\Users\Chris\AppData\Local\{E4294DD8-ACD8-4C5D-986A-5968A1142E5A}
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/15 14:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/07 09:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/23 21:09:53 | 000,000,000 | ---D | M]

[2009/12/25 19:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/11 12:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions
[2010/05/03 12:27:19 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/02/10 23:25:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\DeviceDetection@logitech.com
[2010/02/02 00:19:42 | 000,000,000 | ---D | M] (InstantAction.com Game Launcher) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\8p6iyrhu.default\extensions\iaplayer@instantaction.com
[2011/04/11 12:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/22 10:54:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/28 16:19:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/10 14:06:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/15 14:01:11 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2003/03/18 22:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\mfc71.dll
[2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\msvcr71.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/05/19 11:05:00 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.microsoft.com/download/ ... msorun.cab (IEAnimBehaviorFactory Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{86c062ac-3b47-11df-9534-001fc66ebc57}\Shell - "" = AutoRun
O33 - MountPoints2\{86c062ac-3b47-11df-9534-001fc66ebc57}\Shell\AutoRun\command - "" = I:\setup.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/12 13:56:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/09 22:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2011/04/09 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Ubisoft Game Launcher
[2011/04/09 11:07:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2011/04/09 11:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011/04/09 11:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011/04/08 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/08 18:04:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/31 17:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011/03/31 17:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011/03/23 16:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SplitMediaLabs
[2011/03/22 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\CrashRpt
[2011/03/22 13:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livestream Procaster
[2011/03/22 13:01:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\scfh
[2011/03/22 12:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2011/03/22 12:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
[2011/03/22 12:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitMediaLabs
[2011/03/21 12:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2011/03/14 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PingPlotter Standard
[2011/03/14 18:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PingPlotter Standard
[2011/03/09 16:20:29 | 000,445,440 | ---- | C] (Dino Chiesa) -- C:\Users\Chris\AppData\Roaming\Ionic.Zip.dll
[2011/03/09 16:20:29 | 000,133,632 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Chris\AppData\Roaming\MWLL.AutoUpdater.exe
[2011/03/09 16:20:29 | 000,020,480 | ---- | C] (Wandering Samurai Studios) -- C:\Users\Chris\AppData\Roaming\MwllTorrent.dll
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/12 14:48:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/12 14:47:52 | 536,305,663 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 13:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164576052-2210846065-480863280-1001UA.job
[2011/04/11 18:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3164576052-2210846065-480863280-1001Core.job
[2011/04/10 19:26:17 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/04/10 19:26:17 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/10 01:00:54 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/10 01:00:54 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/09 22:16:01 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/04/09 17:12:14 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/04/09 09:54:24 | 000,743,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/09 09:54:24 | 000,635,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/09 09:54:24 | 000,111,186 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/08 18:04:06 | 000,002,975 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/05 21:59:46 | 004,214,032 | ---- | M] () -- C:\Users\Chris\Documents\100_2482.JPG
[2011/04/05 21:59:43 | 001,932,474 | ---- | M] () -- C:\Users\Chris\Documents\100_2487.JPG
[2011/04/05 21:59:02 | 001,940,486 | ---- | M] () -- C:\Users\Chris\Documents\100_2488.JPG
[2011/04/05 21:58:56 | 001,998,913 | ---- | M] () -- C:\Users\Chris\Documents\100_2492.JPG
[2011/04/04 22:00:18 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/03/26 19:39:06 | 000,367,949 | ---- | M] () -- C:\Users\Chris\Desktop\help.png
[2011/03/24 16:39:44 | 000,029,162 | ---- | M] () -- C:\Users\Chris\Desktop\mikelapalette.png
[2011/03/23 20:08:12 | 001,288,803 | ---- | M] () -- C:\Users\Chris\Desktop\mikela.png
[2011/03/21 17:14:18 | 000,263,732 | ---- | M] () -- C:\Users\Chris\Desktop\futuretheme.lvl
[2011/03/20 00:03:04 | 000,898,948 | ---- | M] () -- C:\Users\Chris\Desktop\Julie.png
[2011/03/18 23:57:10 | 000,218,729 | ---- | M] () -- C:\Users\Chris\Desktop\face.png
[2011/03/17 18:36:44 | 000,267,336 | ---- | M] () -- C:\Users\Chris\Desktop\2.png
[2011/03/17 15:22:25 | 000,250,820 | ---- | M] () -- C:\Users\Chris\Desktop\1.png
[2011/03/15 12:46:38 | 000,402,299 | ---- | M] () -- C:\Users\Chris\Desktop\logo.jpg
[2011/03/15 12:46:38 | 000,370,042 | ---- | M] () -- C:\Users\Chris\Desktop\deputy_duck coloring.jpg
[2011/03/14 23:41:46 | 000,721,156 | ---- | M] () -- C:\Users\Chris\Desktop\Rain.jpg
[2011/03/14 19:16:16 | 000,218,601 | ---- | M] () -- C:\Users\Chris\Desktop\pingplot2.jpg
[2011/03/14 19:01:02 | 000,086,408 | ---- | M] () -- C:\Users\Chris\Desktop\pingplotter.jpg
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/09 22:16:01 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/04/08 18:04:06 | 000,002,975 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/05 21:59:35 | 001,932,474 | ---- | C] () -- C:\Users\Chris\Documents\100_2487.JPG
[2011/04/05 21:59:31 | 004,214,032 | ---- | C] () -- C:\Users\Chris\Documents\100_2482.JPG
[2011/04/05 21:58:56 | 001,940,486 | ---- | C] () -- C:\Users\Chris\Documents\100_2488.JPG
[2011/04/05 21:58:49 | 001,998,913 | ---- | C] () -- C:\Users\Chris\Documents\100_2492.JPG
[2011/03/26 19:39:06 | 000,367,949 | ---- | C] () -- C:\Users\Chris\Desktop\help.png
[2011/03/24 16:39:44 | 000,029,162 | ---- | C] () -- C:\Users\Chris\Desktop\mikelapalette.png
[2011/03/23 20:08:11 | 001,288,803 | ---- | C] () -- C:\Users\Chris\Desktop\mikela.png
[2011/03/21 17:14:17 | 000,263,732 | ---- | C] () -- C:\Users\Chris\Desktop\futuretheme.lvl
[2011/03/20 00:03:03 | 000,898,948 | ---- | C] () -- C:\Users\Chris\Desktop\Julie.png
[2011/03/18 23:57:10 | 000,218,729 | ---- | C] () -- C:\Users\Chris\Desktop\face.png
[2011/03/17 18:36:44 | 000,267,336 | ---- | C] () -- C:\Users\Chris\Desktop\2.png
[2011/03/17 15:21:28 | 000,250,820 | ---- | C] () -- C:\Users\Chris\Desktop\1.png
[2011/03/15 12:47:09 | 000,402,299 | ---- | C] () -- C:\Users\Chris\Desktop\logo.jpg
[2011/03/15 12:47:09 | 000,370,042 | ---- | C] () -- C:\Users\Chris\Desktop\deputy_duck coloring.jpg
[2011/03/14 23:41:45 | 000,721,156 | ---- | C] () -- C:\Users\Chris\Desktop\Rain.jpg
[2011/03/14 19:16:15 | 000,218,601 | ---- | C] () -- C:\Users\Chris\Desktop\pingplot2.jpg
[2011/03/14 19:01:02 | 000,086,408 | ---- | C] () -- C:\Users\Chris\Desktop\pingplotter.jpg
[2011/03/14 16:46:41 | 000,152,168 | ---- | C] () -- C:\Users\Chris\Desktop\cars.lvl
[2011/03/09 16:20:29 | 001,806,336 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\mwll_torrent.dll
[2011/03/09 16:20:29 | 000,101,888 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Shd.dll
[2011/02/25 18:19:32 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/01/15 13:55:37 | 000,221,260 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/01/15 13:55:37 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/10/21 15:41:00 | 000,197,472 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/05/25 15:32:38 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/05/09 17:13:01 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010/05/04 09:42:50 | 000,000,287 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/03/26 18:54:29 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/15 19:52:44 | 000,266,400 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/02/15 19:49:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/02/01 16:00:21 | 000,000,093 | ---- | C] () -- C:\Users\Chris\AppData\Local\fusioncache.dat
[2010/02/01 15:14:19 | 000,748,260 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/26 18:16:57 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/01/08 12:32:35 | 000,000,000 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2009/12/25 19:29:31 | 000,007,607 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/03/19 14:22:08 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\.minecraft
[2011/01/24 12:21:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Amazon
[2011/03/04 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Braid
[2010/03/30 08:45:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2011/04/12 14:40:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2010/11/17 20:54:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2010/11/29 10:16:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EVEMon
[2010/06/16 22:47:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Facebook
[2010/05/23 18:01:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2010/01/12 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\gtk-2.0
[2009/12/25 20:33:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2010/01/08 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org
[2011/02/26 13:50:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2010/02/16 15:33:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PureEdge
[2011/02/25 14:50:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Rainmeter
[2010/07/14 15:14:35 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Screaming Bee
[2011/01/18 12:37:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stellarium
[2011/01/05 20:19:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Subversion
[2011/04/01 22:54:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SystemRequirementsLab
[2010/12/29 18:32:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2011/03/22 20:49:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2010/08/13 11:28:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Turbine
[2011/04/09 11:07:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2011/03/10 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\UnknownApplicationVendor
[2010/09/02 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\W
[2010/12/25 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\wargaming.net
[2009/12/25 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug
[2010/07/21 08:31:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WinBatch
[2011/04/06 08:49:08 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


I removed bittorrent as requested. Performance wise, I have not had any re-directs lately. I don't know if this is the result of the previous malwarebytes/spybot S&D scans or the actions taken through this forum. I am not sure if the re-directs problem is totally gone or is just not re-directing me right now (it seemed intermittent before; sometimes it would, sometimes it wouldn't). As for the Yahoo messenger scam attempts, I have not had one for about a week prior to posting here, and have not had one since action began here.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 13th, 2011, 3:50 am

Let me know how it goes in another 48 hours. I do not see anything in the logs but as you say that it is intermittent I want to be sure that it does not return. Once that period has past I will give you instuctions about what to do next.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 13th, 2011, 12:55 pm

While we wait and see if the redirects come back please do the following:

ESET NOD32 Online Scan
You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set , please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 13th, 2011, 5:54 pm

Two hours after starting the scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=f20d72dee3287341be2df49927514683
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-13 09:49:16
# local_time=2011-04-13 02:49:16 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=770 16774141 100 97 29588143 238083270 0 0
# compatibility_mode=5893 16776573 100 94 4645673 54267166 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=546537
# found=18
# cleaned=0
# scan_time=7640
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\70z1twrhrz.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\gb0fft24h2.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\hji8w6a5jj.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\internt.exe a variant of Win32/Dialer.EB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\tr127oouny.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\yo34tbbkpb.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\7m2gsyiu6bvn.dll Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9kc08ze12f163.dll Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9s228om17s0.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\f3ren6pgwp6.dll Win32/TrojanDownloader.Small.NBF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\Hot_Party16-uninstall.exe a variant of Win32/Dialer.DialerComp application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mdnme1bydce7z.dll Win32/TrojanDownloader.Small.NBF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mzw1fb6s91lthd.exe Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\rp8iwnkz73mr.dll Win32/Krepper.AE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM32\rundll32.vbe VBS/StartPage.U.gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\166002227.tmp Win32/Krepper.AJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\481861.tmp Win32/Krepper.AJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\04122011_144442\C_Windows\SysWOW64\InfDshta.dll a variant of Win32/Kryptik.HTA trojan (unable to clean) 00000000000000000000000000000000 I


The folder that all but one of those was found is part of a backup from an old computer of mine that has since been re-formatted and turned into a desktop for my father. I have not run anything in that folder, nor visited it since moving it off the external HDD.
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 13th, 2011, 11:18 pm

A nice little collection.

I would like you to do the following:

Step ?
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.


Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    :otl
    :services
    :reg
    :files
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\70z1twrhrz.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\gb0fft24h2.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\hji8w6a5jj.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\internt.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\tr127oouny.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\yo34tbbkpb.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\7m2gsyiu6bvn.dll 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9kc08ze12f163.dll 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9s228om17s0.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\f3ren6pgwp6.dll 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\Hot_Party16-uninstall.exe
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mdnme1bydce7z.dll
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mzw1fb6s91lthd.exe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\rp8iwnkz73mr.dll 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM32\rundll32.vbe 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\166002227.tmp 
    C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\481861.tmp 
    C:\_OTL\MovedFiles\04122011_144442\C_Windows\SysWOW64\InfDshta.dll
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please let me have the logs from
TDSSKiller
OTL
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Re: Browser re-directs ad nauseum

Unread postby overdrive148 » April 14th, 2011, 1:10 am

TDSS logs. Found nothing but a suspicious object by the name of sptd. The default state was to skip.

2011/04/13 22:01:16.0400 6004 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 22:01:16.0727 6004 ================================================================================
2011/04/13 22:01:16.0727 6004 SystemInfo:
2011/04/13 22:01:16.0727 6004
2011/04/13 22:01:16.0727 6004 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/13 22:01:16.0727 6004 Product type: Workstation
2011/04/13 22:01:16.0727 6004 ComputerName: SASHA
2011/04/13 22:01:16.0727 6004 UserName: Chris
2011/04/13 22:01:16.0727 6004 Windows directory: C:\Windows
2011/04/13 22:01:16.0727 6004 System windows directory: C:\Windows
2011/04/13 22:01:16.0727 6004 Running under WOW64
2011/04/13 22:01:16.0727 6004 Processor architecture: Intel x64
2011/04/13 22:01:16.0727 6004 Number of processors: 4
2011/04/13 22:01:16.0727 6004 Page size: 0x1000
2011/04/13 22:01:16.0727 6004 Boot type: Normal boot
2011/04/13 22:01:16.0727 6004 ================================================================================
2011/04/13 22:01:21.0841 6004 Initialize success
2011/04/13 22:01:42.0974 3636 ================================================================================
2011/04/13 22:01:42.0974 3636 Scan started
2011/04/13 22:01:42.0974 3636 Mode: Manual;
2011/04/13 22:01:42.0974 3636 ================================================================================
2011/04/13 22:01:44.0081 3636 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/13 22:01:44.0128 3636 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/13 22:01:44.0159 3636 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/13 22:01:44.0206 3636 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/13 22:01:44.0237 3636 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/13 22:01:44.0269 3636 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/13 22:01:44.0331 3636 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/13 22:01:44.0362 3636 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/13 22:01:44.0393 3636 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/13 22:01:44.0409 3636 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/13 22:01:44.0440 3636 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/13 22:01:44.0456 3636 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/13 22:01:44.0487 3636 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/13 22:01:44.0503 3636 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/13 22:01:44.0534 3636 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/13 22:01:44.0565 3636 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/13 22:01:44.0627 3636 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/13 22:01:44.0643 3636 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/13 22:01:44.0690 3636 aswFsBlk (84f3571ee66e24ec3d4083ced7b1942c) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/13 22:01:44.0721 3636 aswMonFlt (33589943084ce93d3de02fcc276dd394) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/13 22:01:44.0737 3636 aswRdr (fa10d9a448e6e6b8d5b28a0cdee44dbe) C:\Windows\system32\drivers\aswRdr.sys
2011/04/13 22:01:44.0752 3636 aswSP (b0da6281a0bdd76d0d546da026961859) C:\Windows\system32\drivers\aswSP.sys
2011/04/13 22:01:44.0783 3636 aswTdi (a177990c3a524fbec22913dffba9a171) C:\Windows\system32\drivers\aswTdi.sys
2011/04/13 22:01:44.0846 3636 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 22:01:44.0877 3636 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/13 22:01:44.0971 3636 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/13 22:01:45.0017 3636 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/13 22:01:45.0080 3636 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/13 22:01:45.0127 3636 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/13 22:01:45.0158 3636 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 22:01:45.0173 3636 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/13 22:01:45.0205 3636 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/13 22:01:45.0251 3636 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/13 22:01:45.0314 3636 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/13 22:01:45.0329 3636 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/13 22:01:45.0361 3636 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/13 22:01:45.0392 3636 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/13 22:01:45.0439 3636 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 22:01:45.0470 3636 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/13 22:01:45.0501 3636 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/13 22:01:45.0532 3636 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/13 22:01:45.0626 3636 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/13 22:01:45.0641 3636 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/13 22:01:45.0673 3636 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/13 22:01:45.0704 3636 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/13 22:01:45.0735 3636 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/13 22:01:45.0751 3636 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/13 22:01:45.0813 3636 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys
2011/04/13 22:01:45.0844 3636 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 22:01:45.0875 3636 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/13 22:01:45.0922 3636 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/13 22:01:45.0985 3636 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/13 22:01:46.0031 3636 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/13 22:01:46.0063 3636 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/13 22:01:46.0109 3636 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 22:01:46.0203 3636 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 22:01:46.0343 3636 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/13 22:01:46.0468 3636 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/13 22:01:46.0484 3636 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/13 22:01:46.0546 3636 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/13 22:01:46.0562 3636 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 22:01:46.0609 3636 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 22:01:46.0640 3636 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 22:01:46.0655 3636 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 22:01:46.0687 3636 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 22:01:46.0718 3636 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 22:01:46.0749 3636 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/13 22:01:46.0780 3636 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 22:01:46.0811 3636 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/13 22:01:46.0858 3636 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/13 22:01:46.0905 3636 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/13 22:01:46.0967 3636 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/13 22:01:47.0108 3636 HCW85BDA (98405343d7dcd330fe1b08c8f4c3900c) C:\Windows\system32\drivers\HCW85BDA.sys
2011/04/13 22:01:47.0186 3636 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/13 22:01:47.0217 3636 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/13 22:01:47.0264 3636 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/13 22:01:47.0326 3636 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/13 22:01:47.0342 3636 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/13 22:01:47.0373 3636 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/13 22:01:47.0435 3636 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/13 22:01:47.0529 3636 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/13 22:01:47.0560 3636 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 22:01:47.0591 3636 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/13 22:01:47.0623 3636 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/13 22:01:47.0654 3636 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/13 22:01:47.0701 3636 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/13 22:01:47.0825 3636 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/13 22:01:47.0872 3636 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/13 22:01:47.0903 3636 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 22:01:47.0935 3636 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 22:01:47.0950 3636 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/13 22:01:47.0981 3636 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/13 22:01:48.0028 3636 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 22:01:48.0044 3636 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/13 22:01:48.0075 3636 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/13 22:01:48.0106 3636 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/13 22:01:48.0153 3636 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/13 22:01:48.0200 3636 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 22:01:48.0247 3636 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/13 22:01:48.0278 3636 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/13 22:01:48.0340 3636 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
2011/04/13 22:01:48.0387 3636 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
2011/04/13 22:01:48.0418 3636 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 22:01:48.0465 3636 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/13 22:01:48.0496 3636 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/13 22:01:48.0512 3636 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/13 22:01:48.0543 3636 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/13 22:01:48.0559 3636 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/13 22:01:48.0590 3636 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/04/13 22:01:48.0605 3636 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
2011/04/13 22:01:48.0699 3636 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys
2011/04/13 22:01:48.0746 3636 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/13 22:01:48.0793 3636 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/13 22:01:48.0824 3636 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/13 22:01:48.0871 3636 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 22:01:48.0917 3636 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/13 22:01:48.0933 3636 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 22:01:48.0964 3636 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 22:01:48.0980 3636 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/13 22:01:49.0011 3636 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 22:01:49.0042 3636 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 22:01:49.0089 3636 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 22:01:49.0245 3636 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 22:01:49.0323 3636 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 22:01:49.0339 3636 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/13 22:01:49.0354 3636 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/13 22:01:49.0401 3636 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 22:01:49.0417 3636 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/13 22:01:49.0432 3636 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/13 22:01:49.0479 3636 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 22:01:49.0495 3636 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 22:01:49.0526 3636 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 22:01:49.0541 3636 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 22:01:49.0573 3636 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/13 22:01:49.0604 3636 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 22:01:49.0635 3636 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/13 22:01:49.0666 3636 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/13 22:01:49.0713 3636 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 22:01:49.0760 3636 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/13 22:01:49.0791 3636 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/13 22:01:49.0807 3636 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 22:01:49.0838 3636 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 22:01:49.0853 3636 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 22:01:49.0885 3636 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 22:01:49.0916 3636 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 22:01:49.0947 3636 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 22:01:50.0025 3636 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
2011/04/13 22:01:50.0072 3636 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/13 22:01:50.0134 3636 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2011/04/13 22:01:50.0165 3636 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 22:01:50.0197 3636 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 22:01:50.0243 3636 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 22:01:50.0306 3636 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/13 22:01:50.0353 3636 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/04/13 22:01:50.0867 3636 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/13 22:01:51.0008 3636 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/04/13 22:01:51.0039 3636 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/13 22:01:51.0070 3636 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/04/13 22:01:51.0101 3636 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/13 22:01:51.0133 3636 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/13 22:01:51.0179 3636 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/13 22:01:51.0226 3636 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/13 22:01:51.0257 3636 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 22:01:51.0304 3636 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/13 22:01:51.0335 3636 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/13 22:01:51.0367 3636 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/13 22:01:51.0382 3636 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/13 22:01:51.0429 3636 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/13 22:01:51.0569 3636 PID_PEPI (ae0b94363da0f60d42b9d05b352f61ed) C:\Windows\system32\DRIVERS\LV302V64.SYS
2011/04/13 22:01:51.0788 3636 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 22:01:51.0819 3636 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/13 22:01:51.0866 3636 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/13 22:01:51.0959 3636 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/13 22:01:52.0022 3636 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/13 22:01:52.0069 3636 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 22:01:52.0084 3636 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 22:01:52.0115 3636 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/13 22:01:52.0147 3636 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 22:01:52.0193 3636 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 22:01:52.0209 3636 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 22:01:52.0240 3636 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 22:01:52.0256 3636 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/13 22:01:52.0287 3636 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 22:01:52.0303 3636 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 22:01:52.0334 3636 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/13 22:01:52.0365 3636 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 22:01:52.0396 3636 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/13 22:01:52.0459 3636 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 22:01:52.0505 3636 SaiH0255 (45c0b193065219189772a038e6c29d49) C:\Windows\system32\DRIVERS\SaiH0255.sys
2011/04/13 22:01:52.0568 3636 SaiMini (296d0cc623eeb6d2b9800ad421f9116a) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/04/13 22:01:52.0630 3636 SaiNtBus (6a77d63b566df14da0e7dd0d2c594ef7) C:\Windows\system32\drivers\SaiBus.sys
2011/04/13 22:01:52.0661 3636 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/13 22:01:52.0739 3636 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
2011/04/13 22:01:52.0755 3636 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/13 22:01:52.0817 3636 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/04/13 22:01:52.0849 3636 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 22:01:52.0927 3636 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/13 22:01:52.0958 3636 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/13 22:01:52.0989 3636 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/13 22:01:53.0051 3636 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/13 22:01:53.0083 3636 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/13 22:01:53.0098 3636 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/13 22:01:53.0129 3636 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/13 22:01:53.0176 3636 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/13 22:01:53.0192 3636 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/13 22:01:53.0239 3636 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 22:01:53.0348 3636 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/13 22:01:53.0457 3636 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 22:01:53.0457 3636 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/04/13 22:01:53.0473 3636 sptd - detected Locked file (1)
2011/04/13 22:01:53.0519 3636 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/13 22:01:53.0582 3636 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/13 22:01:53.0660 3636 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/13 22:01:53.0722 3636 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/13 22:01:53.0753 3636 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/13 22:01:53.0863 3636 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/13 22:01:53.0972 3636 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/13 22:01:54.0019 3636 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/13 22:01:54.0034 3636 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/13 22:01:54.0050 3636 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/13 22:01:54.0081 3636 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/13 22:01:54.0128 3636 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/13 22:01:54.0190 3636 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/13 22:01:54.0206 3636 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/13 22:01:54.0237 3636 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/13 22:01:54.0268 3636 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/13 22:01:54.0315 3636 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/13 22:01:54.0331 3636 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/13 22:01:54.0362 3636 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/13 22:01:54.0424 3636 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/13 22:01:54.0471 3636 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/13 22:01:54.0549 3636 usbehci (df9f9afc9aaabd8ed47975d44e38169a) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/13 22:01:54.0580 3636 usbhub (372a91bc3c6603080a793880b0873785) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/13 22:01:54.0643 3636 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/13 22:01:54.0721 3636 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/13 22:01:54.0767 3636 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/13 22:01:54.0814 3636 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/13 22:01:54.0845 3636 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/13 22:01:54.0877 3636 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/13 22:01:54.0923 3636 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/13 22:01:54.0939 3636 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/13 22:01:54.0970 3636 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/13 22:01:55.0001 3636 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/13 22:01:55.0048 3636 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/13 22:01:55.0079 3636 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/13 22:01:55.0126 3636 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/13 22:01:55.0189 3636 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/13 22:01:55.0220 3636 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/13 22:01:55.0251 3636 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/13 22:01:55.0298 3636 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/13 22:01:55.0360 3636 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/13 22:01:55.0407 3636 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:01:55.0438 3636 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/13 22:01:55.0485 3636 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/13 22:01:55.0516 3636 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/13 22:01:55.0610 3636 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/13 22:01:55.0641 3636 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/13 22:01:55.0719 3636 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/13 22:01:55.0766 3636 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/13 22:01:55.0797 3636 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/13 22:01:55.0828 3636 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/13 22:01:55.0891 3636 ================================================================================
2011/04/13 22:01:55.0891 3636 Scan finished
2011/04/13 22:01:55.0891 3636 ================================================================================
2011/04/13 22:01:55.0906 4780 Detected object count: 1
2011/04/13 22:02:33.0019 4780 Locked file(sptd) - User select action: Skip


The logs from OTL, after restarting.

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\70z1twrhrz.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\gb0fft24h2.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\hji8w6a5jj.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\internt.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\tr127oouny.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\yo34tbbkpb.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\7m2gsyiu6bvn.dll moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9kc08ze12f163.dll moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\9s228om17s0.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\f3ren6pgwp6.dll moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\Hot_Party16-uninstall.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mdnme1bydce7z.dll moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\mzw1fb6s91lthd.exe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM\rp8iwnkz73mr.dll moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\SYSTEM32\rundll32.vbe moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\166002227.tmp moved successfully.
C:\Users\Chris\Desktop\Chris's Stuff\New folder (4)\WINDOWS\TEMP\481861.tmp moved successfully.
C:\_OTL\MovedFiles\04122011_144442\C_Windows\SysWOW64\InfDshta.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 52272 bytes
->Temporary Internet Files folder emptied: 11789006 bytes
->Java cache emptied: 9077 bytes
->FireFox cache emptied: 97500069 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9484 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1191877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 105.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.22.3 log created on 04132011_215437

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


I assume that is a nasty set of trojans and the like in that folder?
overdrive148
Regular Member
 
Posts: 26
Joined: April 8th, 2011, 9:12 pm

Re: Browser re-directs ad nauseum

Unread postby Elrond » April 14th, 2011, 1:44 pm

I would like to see what Malwarebytes Anti-Malware will show now:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 200 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware