Cyber Tech Help Support Forums > Software > Malware Removal
#1
February 3rd, 2013, 01:50 AM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
secure browser doesn't work - Secunia PSI won't load

I'm having several problems; they are probably related. I first noticed that the new update to Secunia PSI won't run. It starts a scan, but never finishes it. Ever. It used to run. Something has changed. Secunia suggested I go in and add them as a 'trusted site'. I did that; it still won't scan.

I also can't log in to my secure bank account. Well, I log in, then it's immediately "reset". Same thing at PayPal, same thing at TurboTax. I don't seem to have a browser problem unless it's a secure site; then it doesn't work at all or it constantly resets.

This computer is on my Belkin wireless router.

Thanks
#2
February 3rd, 2013, 06:55 AM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, cajungenes2
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Which browser do you use? Same problem with another browser?

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
#3
February 3rd, 2013, 07:47 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
OTL logfile created on: 2/3/2013 12:25:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cajun Castle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.92% Memory free
11.73 Gb Paging File | 9.65 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 756.95 Gb Free Space | 82.33% Space Free | Partition Type: NTFS

Computer Name: CAJUNCASTLE-PC | User Name: Cajun Castle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/03 12:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cajun Castle\Desktop\OTL.exe
PRC - [2013/01/19 08:19:49 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/29 12:35:44 | 006,315,680 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/11/14 14:13:32 | 001,884,064 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/11/14 14:13:30 | 007,029,664 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/03/25 13:04:14 | 005,578,224 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\AHClient.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/21 02:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2009/08/03 10:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/20 15:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 08:19:49 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 03:28:22 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c6fb88c8055653672314c29ca4b78a7e\System.Windows.Forms.ni.dll
MOD - [2013/01/10 03:28:17 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/10 03:28:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/01/10 03:27:59 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/10 03:27:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/10 03:27:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/11/14 14:13:38 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/11/14 13:28:24 | 000,663,552 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/22 19:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/08/22 19:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/08/22 19:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/08/22 19:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/08/22 18:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/03/25 13:04:14 | 005,578,224 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\AHClient.exe
MOD - [2010/03/25 13:03:38 | 000,765,488 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\XML.dll
MOD - [2010/03/25 13:03:38 | 000,453,680 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\REALSQLDatabase.dll
MOD - [2010/03/25 13:03:38 | 000,214,064 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\PNGUtilitiesPluginV181.DLL
MOD - [2010/03/25 13:03:38 | 000,150,576 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\RegEx.dll
MOD - [2010/03/25 13:03:38 | 000,138,288 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\Appearance Pak.dll
MOD - [2010/03/25 13:03:38 | 000,101,424 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\Shell.dll
MOD - [2010/03/25 13:03:38 | 000,101,424 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\Browser Plugin.dll
MOD - [2010/03/25 13:03:38 | 000,076,848 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\Internet Encodings.dll
MOD - [2010/03/25 13:03:38 | 000,057,392 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\MBSStringPlugin15968.dll
MOD - [2010/03/25 13:03:38 | 000,038,448 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\MBSProcessPlugin15968.dll
MOD - [2010/03/25 13:03:38 | 000,035,888 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\MBSWinHIDPlugin15968.dll
MOD - [2010/03/25 13:03:38 | 000,034,864 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\MBSSystemInformationPlugin15968.dll
MOD - [2010/03/25 13:03:38 | 000,031,792 | ---- | M] () -- C:\Program Files (x86)\ActiHealth\ape Libs\MBSRegistrationPlugin15968.dll
MOD - [2009/08/03 10:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/06/12 17:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 17:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2007/01/30 02:08:40 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2013/01/19 08:19:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/14 14:13:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/25 17:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/23 03:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/17 06:19:14 | 000,015,208 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/06/10 14:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007/01/23 15:47:00 | 000,051,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2007/01/23 15:47:00 | 000,048,912 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/08/26 06:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v155k4861r213
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...5v155k4861r213
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v155k4861r213
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS365US365
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7C6741B0-2FFE-496D-A789-FF96C4EFD45F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/?search={searchTerms}&loc=IM3DJUN09IESB
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Cajun Castle\Desktop\npAmazonMP3DownloaderPlugin101772.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2013/01/24 07:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2013/01/24 07:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 15:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/24 07:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/24 07:09:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/22 15:56:44 | 000,000,000 | ---D | M]

[2010/02/04 08:58:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Extensions
[2012/12/17 10:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\hog9nz91.default\extensions
[2010/02/25 10:05:00 | 000,000,000 | ---D | M] (eMusic Toolbar) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\hog9nz91.default\extensions\{9ee802e8-c931-47ab-b570-aa8f791598ca}
[2013/01/16 12:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions
[2012/10/09 08:21:14 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/01/14 11:10:31 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/04/15 13:27:45 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2012/12/18 19:17:11 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/13 11:17:19 | 000,000,000 | ---D | M] (RetailMeNot) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\enquiries@retailmenot.com
[2012/05/23 08:11:04 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/06/01 07:48:51 | 000,000,000 | ---D | M] (Bejeweled) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\jewel@ledrug.theme
[2010/02/15 15:56:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\moveplayer@movenetworks.com
[2010/07/14 07:00:04 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\support@ancestry.com
[2010/02/16 01:48:12 | 000,000,000 | ---D | M] ("Glazoom (anciennement Zoom It!)") -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\zoomit@disruptive-innovations.com
[2010/06/01 07:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\Firefox\Profiles\xpe5sh5i.default\extensions\jewel@ledrug.theme\mozapps\extensions
[2012/12/09 13:02:02 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\autofillForms@blueimp.net.xpi
[2012/09/08 11:50:50 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\nosquint@urandom.ca.xpi
[2012/08/26 22:32:30 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013/01/14 11:10:31 | 000,516,839 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/05/23 08:11:03 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2013/01/01 12:37:11 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012/11/28 15:28:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/02 12:23:15 | 000,210,366 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}.xpi
[2013/01/16 12:51:53 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009/10/17 19:22:06 | 000,001,656 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\jewel@ledrug.theme\mozapps\xpinstall\xpinstallConfirm.css
[2009/07/29 21:21:28 | 000,001,423 | ---- | M] () (No name found) -- C:\Users\Cajun Castle\AppData\Roaming\mozilla\firefox\profiles\xpe5sh5i.default\extensions\jewel@ledrug.theme\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/01/19 08:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 08:19:49 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/08/28 19:09:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/19 15:38:52 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: Entanglement = C:\Users\Cajun Castle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\
CHR - Extension: Poppit = C:\Users\Cajun Castle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - Startup: C:\Users\Cajun Castle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Client.lnk = C:\Program Files (x86)\ActiHealth\AHClient.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{469D5299-D589-4F20-9BF5-927B08E7317F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7156E44-546D-47FE-8D9A-CC2C2FD80066}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d5b87cbb-119c-11df-ad3f-90fba62b5d1a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5b87cbb-119c-11df-ad3f-90fba62b5d1a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

  #4  
Old February 3rd, 2013, 07:48 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 12:24:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Cajun Castle\Desktop\OTL.exe
[2013/02/02 21:25:35 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\AppData\Roaming\HPAppData
[2013/02/02 19:05:56 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\AppData\Roaming\Malwarebytes
[2013/02/02 19:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/02 19:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/02 19:05:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/02 19:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/02 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\AppData\Local\Programs
[2013/02/02 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/02 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/01/24 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Desktop\Waddell and Reed
[2013/01/24 07:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/01/24 07:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/24 07:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/24 07:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/24 07:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/24 07:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/24 07:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/01/24 07:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/01/23 08:16:57 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Desktop\HealthPort2_files
[2013/01/23 08:12:34 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Desktop\HealthPort_files
[2013/01/19 08:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/05 13:25:31 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Documents\Amazon MP3
[2013/01/05 13:24:33 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Desktop\translations
[2013/01/05 13:11:07 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\AppData\Roaming\com.amazon.music.uploader
[2013/01/05 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Cajun Castle\Documents\Amazon Music Importer
[2010/03/23 12:27:39 | 005,025,995 | ---- | C] (Turbo Tax ) -- C:\Users\Cajun Castle\AuditSupportCenter_Installer.exe
[2009/11/11 05:21:10 | 032,931,656 | ---- | C] (eBay Inc. ) -- C:\Users\Cajun Castle\setupUS.exe
[2009/07/19 23:12:56 | 002,142,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Cajun Castle\flashplayer_10_plugin_debug.exe
[2009/05/14 21:18:27 | 001,222,128 | ---- | C] (McAfee, Inc.) -- C:\Users\Cajun Castle\DMSetup-Serial.exe

========== Files - Modified Within 30 Days ==========

[2013/02/03 12:26:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 12:26:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 12:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cajun Castle\Desktop\OTL.exe
[2013/02/03 12:10:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/02 21:23:28 | 000,622,355 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\taxReturn.pdf
[2013/02/02 21:21:56 | 000,825,345 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\taxReturn.tax2012
[2013/02/02 19:20:43 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/02 19:20:43 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/02 19:20:43 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/02 19:16:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/02 19:16:55 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/02/02 19:16:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 19:16:07 | 429,203,455 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 19:05:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/02 19:03:48 | 000,003,007 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\HiJackThis.lnk
[2013/01/31 10:24:10 | 001,432,557 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\BECCAaccident report.pdf
[2013/01/30 19:11:32 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/24 07:11:50 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/24 07:09:52 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/24 07:09:18 | 000,002,515 | ---- | M] () -- C:\Users\Cajun Castle\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2013/01/24 07:09:18 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2013/01/23 08:16:58 | 000,006,473 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\HealthPort2.htm
[2013/01/23 08:12:35 | 000,006,466 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\HealthPort.htm
[2013/01/23 05:14:00 | 000,107,083 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\securedoc_20130122T220335.html
[2013/01/23 04:57:25 | 000,002,051 | ---- | M] () -- C:\Users\Cajun Castle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/16 12:42:03 | 000,570,403 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\waddill0001.pdf
[2013/01/14 11:10:06 | 000,002,286 | ---- | M] () -- C:\Users\Cajun Castle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/10 03:23:46 | 000,430,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/06 11:23:40 | 000,318,377 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\lolita.jpg.png
[2013/01/06 08:41:28 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/01/05 13:44:07 | 000,008,384 | -HS- | M] () -- C:\Users\Cajun Castle\Folder.jpg
[2013/01/05 13:44:07 | 000,008,384 | -HS- | M] () -- C:\Users\Cajun Castle\AlbumArt_{458434C8-DD85-4C37-8B4E-CC9A28EFC7C4}_Large.jpg
[2013/01/05 13:44:07 | 000,002,283 | -HS- | M] () -- C:\Users\Cajun Castle\AlbumArtSmall.jpg
[2013/01/05 13:44:07 | 000,002,283 | -HS- | M] () -- C:\Users\Cajun Castle\AlbumArt_{458434C8-DD85-4C37-8B4E-CC9A28EFC7C4}_Small.jpg
[2013/01/05 13:24:34 | 000,001,616 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2013/01/05 13:24:34 | 000,000,146 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\Amazon Cloud Player.url
[2013/01/05 13:24:33 | 000,077,202 | ---- | M] () -- C:\Users\Cajun Castle\Desktop\Uninstall.exe
[2013/01/05 13:11:02 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk

========== Files Created - No Company Name ==========

[2013/02/02 21:21:56 | 000,825,345 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\taxReturn.tax2012
[2013/02/02 21:18:19 | 000,622,355 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\taxReturn.pdf
[2013/02/02 19:05:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/02 19:03:48 | 000,003,007 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\HiJackThis.lnk
[2013/01/31 10:24:10 | 001,432,557 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\BECCAaccident report.pdf
[2013/01/24 07:11:50 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/24 07:09:52 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/01/23 08:16:57 | 000,006,473 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\HealthPort2.htm
[2013/01/23 08:12:34 | 000,006,466 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\HealthPort.htm
[2013/01/23 05:14:00 | 000,107,083 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\securedoc_20130122T220335.html
[2013/01/16 12:42:00 | 000,570,403 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\waddill0001.pdf
[2013/01/06 11:23:40 | 000,318,377 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\lolita.jpg.png
[2013/01/05 13:44:07 | 000,008,384 | -HS- | C] () -- C:\Users\Cajun Castle\Folder.jpg
[2013/01/05 13:44:07 | 000,008,384 | -HS- | C] () -- C:\Users\Cajun Castle\AlbumArt_{458434C8-DD85-4C37-8B4E-CC9A28EFC7C4}_Large.jpg
[2013/01/05 13:44:07 | 000,002,283 | -HS- | C] () -- C:\Users\Cajun Castle\AlbumArtSmall.jpg
[2013/01/05 13:44:07 | 000,002,283 | -HS- | C] () -- C:\Users\Cajun Castle\AlbumArt_{458434C8-DD85-4C37-8B4E-CC9A28EFC7C4}_Small.jpg
[2013/01/05 13:24:34 | 000,000,146 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\Amazon Cloud Player.url
[2013/01/05 13:24:33 | 000,077,202 | ---- | C] () -- C:\Users\Cajun Castle\Desktop\Uninstall.exe
[2013/01/05 13:11:02 | 000,001,239 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Music Importer.lnk
[2013/01/05 13:11:02 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Music Importer.lnk
[2012/02/19 07:31:58 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/31 18:30:56 | 001,020,821 | ---- | C] () -- C:\Users\Cajun Castle\2011-2012 616.PNG
[2011/08/04 20:42:10 | 000,003,584 | ---- | C] () -- C:\Users\Cajun Castle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 17:38:22 | 000,026,624 | -H-- | C] () -- C:\Users\Cajun Castle\photothumb.db
[2010/05/26 14:02:31 | 001,324,722 | ---- | C] () -- C:\Users\Cajun Castle\color rings.jpg
[2010/05/25 12:28:36 | 000,656,508 | ---- | C] () -- C:\Users\Cajun Castle\LDR0001.pdf
[2010/05/25 12:24:41 | 001,583,885 | ---- | C] () -- C:\Users\Cajun Castle\LDR0002.pdf
[2010/05/04 21:21:49 | 000,092,857 | ---- | C] () -- C:\Users\Cajun Castle\2009.pdf
[2010/04/23 03:33:29 | 000,109,971 | ---- | C] () -- C:\Users\Cajun Castle\doc.jpg
[2010/04/22 19:04:30 | 000,001,058 | ---- | C] () -- C:\Users\Cajun Castle\AVATAR Interactive Desktop.lnk
[2010/03/31 01:38:56 | 000,081,769 | ---- | C] () -- C:\Users\Cajun Castle\expediaMarilyn.htm
[2010/03/30 14:26:00 | 000,001,957 | ---- | C] () -- C:\Users\Cajun Castle\straighttalk.rtf
[2010/03/16 16:06:29 | 000,699,862 | ---- | C] () -- C:\Users\Cajun Castle\usfidelisscan0001.pdf
[2010/02/20 07:06:09 | 000,001,866 | ---- | C] () -- C:\Users\Cajun Castle\McAfee Security Scan Plus.lnk
[2010/02/19 17:25:00 | 000,006,786 | ---- | C] () -- C:\Users\Cajun Castle\sv_arcade_1.dat
[2010/02/15 19:18:44 | 000,002,679 | ---- | C] () -- C:\Users\Cajun Castle\Microsoft Office Groove 2007.lnk
[2010/02/15 06:09:00 | 002,513,275 | ---- | C] () -- C:\Users\Cajun Castle\pre-interstate_map_of_us_routes_and_highways_1955.jpg
[2010/02/13 15:06:45 | 000,001,006 | ---- | C] () -- C:\Users\Cajun Castle\AppData\Roaming\wklnhst.dat
[2010/02/10 19:34:27 | 003,710,825 | ---- | C] () -- C:\Users\Cajun Castle\01 Dreams.wma
[2010/02/06 07:46:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/02/05 00:15:06 | 000,000,143 | ---- | C] () -- C:\Users\Cajun Castle\More Games at GameHouse.com.url
[2010/02/02 11:18:08 | 006,686,094 | ---- | C] () -- C:\Users\Cajun Castle\U3update.exe
[2010/01/28 18:25:32 | 000,002,842 | ---- | C] () -- C:\Users\Cajun Castle\My IncrediMail Premium.html
[2009/12/09 12:40:54 | 000,008,815 | ---- | C] () -- C:\Users\Cajun Castle\winniethepooh.jpg
[2008/01/29 16:04:06 | 000,590,037 | ---- | C] () -- C:\Users\Cajun Castle\Interestingtoseeifyousendthisback1 2.pdf

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/10/08 03:14:10 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\ActiHealth
[2011/04/16 12:19:58 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\Amazon
[2013/01/05 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\com.amazon.music.uploader
[2010/04/22 19:04:31 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\com.oskoui-oskoui.avatar
[2010/02/25 10:05:00 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\eMusic
[2010/02/03 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\GetRightToGo
[2012/05/15 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\PhotoScape
[2010/02/13 15:06:47 | 000,000,000 | ---D | M] -- C:\Users\Cajun Castle\AppData\Roaming\Template

========== Purity Check ==========

< End of report >
  #5  
Old February 3rd, 2013, 07:48 PM
cajungenes2
Member
 
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
OTL Extras logfile created on: 2/3/2013 12:25:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cajun Castle\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 3.98 Gb Available Physical Memory | 67.92% Memory free
11.73 Gb Paging File | 9.65 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 756.95 Gb Free Space | 82.33% Space Free | Partition Type: NTFS

Computer Name: CAJUNCASTLE-PC | User Name: Cajun Castle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B7578B-28E3-491B-88E6-F9ECA90F2C0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12525070-6E77-464A-918E-46577C507F19}" = lport=138 | protocol=17 | dir=in | app=system |
"{15DC2C8B-03B4-4E40-BD61-E26D045255E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28178BE1-FF4C-4BEF-ADBB-C2F6C843ECD3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32EBF5DF-E3C5-4687-9C2E-066BE264C819}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{35AD6768-8FEF-4E1E-BAE4-96AD19D0747B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{366EA600-4FDC-40C8-8F23-C0B89702DC62}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BA788CC-723F-4C74-913A-314A918EFF7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53234EDB-2B1D-492A-BD22-ACC5039F4B10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5898B0C8-4F48-4081-AC4F-C849A1CC65D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68887B14-C6F0-4FF0-AFDB-EA980B55E53B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B31BFF2-C4AA-4782-9E83-D2CCD34DB9FE}" = lport=137 | protocol=17 | dir=in | app=system |
"{7FBB668F-C339-4A32-A059-A3BCE7EDB3DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{8126F3FA-3A82-4030-B5D2-805FB43EFA36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{96B2F53C-06E1-4ACB-9E28-EA93F2C31F9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A17F4759-8B56-445E-8617-53F410D6ACFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{A7F3161C-05CD-4001-9952-48AFF7F9DFF3}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8114675-5C15-42CB-93DF-5B0BCD699749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B9917A1B-FB03-486A-A526-DF372052AC19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CAB84D3B-F786-4B5C-BF37-F8F627655787}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D3B1ADA1-3499-488F-A4A8-0D911E6A5886}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1865FC8-A616-4A1F-ABBE-E0BC1047CAF9}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA0B3C70-3FD8-4A32-9AC5-58AB7E1885C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ED836C8E-93A2-4302-84F8-570489E438E1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE5BCED2-73EF-49AA-BAB6-BA445A854CAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2B60C5A-2316-4CBD-ADAE-55457BCFE6F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04954853-DE60-4473-8B71-063695A48EB4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{04D8117E-52B4-4321-A0BC-19B06B4E10B7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{0CED59B3-E6AC-4503-9BA4-BBB08426F351}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EF03FC1-6D3E-426C-BA33-0A8B8ED3A5B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{1112030C-8650-4314-A1FF-F087A63250D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1544701B-B94A-450F-BCEB-5C600E52180D}" = dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{157FA9B8-8885-40D7-9AA6-FC38E3758E23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17BB661B-B487-460D-AD6A-6FAF1794A779}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{1DFBB8D1-ED1A-41A3-9FBE-9723C50B0AEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1E2BB839-03FE-4F2A-896C-DBEB2F7C9E3D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{213E2D1C-CF19-441E-9CF4-AA3ACC3E547A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{3037E3A9-1AD2-467E-B6CC-2E879F18DD85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30B8785E-492C-4952-B384-2E6031F2DD81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{342F63E4-F970-4F8E-BB22-EF5FDCE0EA15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{3581A56B-B444-42A4-9626-485692AD7E2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{36D2FD16-D27A-43E0-A114-50CF5659A3C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{3AA8B915-C853-4A86-81B2-844B655E4B91}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{40430ECD-58E8-4A0F-B37B-19E87F97658F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{40A43F21-6299-4EDD-9D87-DF40DCD0C7AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{40E818AF-D590-4B18-AE0E-39675544D44D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{45854FF4-EF30-4190-A63A-0B9B25F1DA86}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{45C750D4-FB66-4409-BF47-099480ECAAA3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{4C7CE10E-AA94-4750-8274-791B5F94E0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4CAA9B90-2441-4E07-A9C1-02998DBF5FB6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{50AF3F87-B342-4452-9403-2E2798EBFF05}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{512A71F2-FDF0-49EB-81DB-FCC8E9D88B47}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B78B8FF-17A1-43CF-910A-1B6CE4147BCE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{605CFF1B-D899-437F-A251-8F0EFCB622B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{63A10F8F-B89A-4533-9924-273EE0B4F9B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{648296C9-8FB1-4393-9921-B457F277B34C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{65E90690-887C-4BF9-9B22-9D0DC2E81935}" = protocol=6 | dir=out | app=system |
"{66FECCFA-DB39-4BB5-8F29-AE1FE9D1E341}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{67357B25-8CEF-4A10-9FC4-5C5A0BD04D93}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6CB1181C-94C7-4A10-8865-0A593429C1C1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7243919D-6A84-4643-ABED-7B60F870453E}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{7C474681-DB07-4968-9794-A0F05022B680}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8134465B-65D3-42E5-A1B4-E16D17EEDF03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A6EA2C9-E70E-45F3-BDB8-272D24417C24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{8B7D1885-71A8-4248-979E-0B7CB572F5DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{926BF340-C064-4A37-9468-EC465F260E1F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{92DB6C57-18B5-4650-AE94-BAA8C63C55C0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{A1F7EF25-F7E0-43C8-AE0E-227A8A81C4E7}" = protocol=6 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{A2C6851C-90C1-499A-81DD-3EFE1892801F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{AC3FF766-ECF6-4D43-8F6C-DBC1631D85AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AE5AEBDA-9FAE-401F-90FD-9B372AE7F838}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B0B8E031-0A58-42E0-BBF6-BE5A2A9B3280}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2666334-4A24-47CD-864A-5AA019391310}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B2D78549-EA1E-4D80-B782-C941A3001789}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B4B1DFC2-0EAE-4D98-B415-0F56CFEC0134}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{B7E43697-C272-43B3-9379-62AE531320EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8B47EC8-6404-4C4A-967B-AC82DD6CCEDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{B8C12575-1AB6-4560-B274-530CA1402F2E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{BACA97C9-6429-4AC6-981D-2E169672E766}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{BD616B8D-FCD5-48C7-82A5-160D4B9ED07B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{BF0EB457-6D64-4E10-8223-5B85E7E687D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCF6A62F-BBBA-4956-86B6-E7985D432C66}" = protocol=17 | dir=in | app=c:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe |
"{DF44F5D0-35E3-477B-84AB-A25AA386E0A1}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{E7869E54-4DA7-44F3-8E3C-4BFD81F69C21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{F294C828-96C0-4D4A-A824-20EFFAA3A138}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F32EE507-23FD-4A6F-B7AE-793D0FA4E5AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F347925F-ECB8-47EA-A709-6A3D89A81412}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FC631064-E1DC-4116-AE48-1E0D98A84038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF67A510-5D49-4A9B-865C-765533306154}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{13C5CF16-535A-42E0-86FF-5B9B35F495B9}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{C5990585-A744-4D94-9889-2DDD9AEC7E46}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}" = Amazon Cloud Drive
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4037A2B9-A976-4538-8B08-A0D95B637F35}" = C5100
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98823CC0-51DA-565C-FF90-DCC72D47BD24}" = Amazon Music Importer
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"am-bejeweled2deluxe" = Bejeweled 2 Deluxe
"amg-supercollapse3" = Super Collapse! 3
"am-luxor" = Luxor
"am-luxor2" = Luxor 2
"am-luxor3" = Luxor 3
"am-mahjongescapetmancientchina" = Mahjong Escape(TM) - Ancient China
"am-rainbowweb2" = Rainbow Web 2
"am-shapeshifter" = Shape Shifter
"am-supercollapseii" = Super Collapse! II
"am-supertexttwist" = Super TextTwist
"am-yahtzeedownloadedition" = Yahtzee Download Edition
"AnyDVD" = AnyDVD
"AudibleManager" = AudibleManager
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Best Buy Software Installer" = Best Buy Software Installer
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.amazon.music.uploader" = Amazon Music Importer
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI
"The Master Genealogist (for Cajun Castle)" = The Master Genealogist (for Cajun Castle)
"Web Games Player Plugin" = Web Games Player Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2013 2:30:19 AM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/30/2013 2:30:19 AM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/30/2013 2:30:19 AM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 10:51:23 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32", version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 10:51:36 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 10:51:36 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 10:51:36 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 10:51:36 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 11:19:26 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/2/2013 11:19:26 PM | Computer Name = CajunCastle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32", version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 1/24/2013 11:19:12 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10010
Description =

Error - 1/25/2013 2:15:37 PM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/25/2013 2:15:38 PM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/25/2013 2:16:17 PM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2013 3:00:07 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2013 3:00:07 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2013 3:00:07 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2013 3:00:07 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/27/2013 3:00:07 AM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =

Error - 1/31/2013 12:20:55 PM | Computer Name = CajunCastle-PC | Source = DCOM | ID = 10016
Description =


< End of report >
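The two firewall-rule lists in the OTL log above are dense, and what an analyst actually wants from them is: which programs may receive inbound connections, on which protocol and port, and which rules exist only because somebody clicked "Allow access" on a Windows Firewall prompt (Windows names those rules "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>"). The following is an added example, not part of the OTL log or of anyone's post in this thread; it parses the dump's own line format ("<rule name>" = key=value | key=value | ..., with the keys OTL prints: lport, rport, protocol, dir, app, svc, name) and summarises the inbound exceptions. The sample input is a handful of lines copied from the dump above.

```python
"""Added example: summarise the Windows Firewall rule lines that OTL dumps
(the "Standard Profile" and "Vista Active Application Exception List" sections
of the log above). Each line has the form
    "<rule name>" = key=value | key=value | ...
with the keys OTL prints: lport, rport, protocol, dir, app, svc, name."""
import re
from collections import defaultdict

PROTO = {"6": "TCP", "17": "UDP", "1": "ICMPv4", "58": "ICMPv6"}

# Constructed sample: six rule lines copied from the OTL dump in the post above.
SAMPLE = r'''"{4C7CE10E-AA94-4750-8274-791B5F94E0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{AE5AEBDA-9FAE-401F-90FD-9B372AE7F838}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A17F4759-8B56-445E-8617-53F410D6ACFC}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8114675-5C15-42CB-93DF-5B0BCD699749}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{40A43F21-6299-4EDD-9D87-DF40DCD0C7AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{13C5CF16-535A-42E0-86FF-5B9B35F495B9}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |'''

LINE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rule(line):
    """One dump line -> dict, or None for blank / non-rule lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    name = m.group("name")
    proto = fields.get("protocol")
    return {
        "name": name,
        "dir": fields.get("dir", "?"),
        "proto": PROTO.get(proto, proto or "any"),
        "lport": fields.get("lport"),
        "app": fields.get("app", "").lower() or None,
        "svc": fields.get("svc"),
        # Windows Firewall names rules created from its "Allow access" prompt
        # "TCP Query User{GUID}<path>" / "UDP Query User{GUID}<path>".
        "user_prompt": name.startswith(("TCP Query User", "UDP Query User")),
    }


def rules(text):
    return [r for r in map(parse_rule, text.splitlines()) if r]


def inbound_by_app(text):
    """Map each program (or service / rule name when no app is given) to the
    list of (protocol, local port) pairs it is allowed to receive on."""
    summary = defaultdict(list)
    for r in rules(text):
        if r["dir"] == "in":
            key = r["app"] or r["svc"] or r["name"]
            summary[key].append((r["proto"], r["lport"] or "any"))
    return dict(summary)


def unrestricted_inbound(text):
    """Inbound exceptions for a program that name neither a local port nor a
    service: the program may accept connections on any port it listens on.
    These deserve a second look, as do the 'Query User' rules."""
    return [r for r in rules(text)
            if r["dir"] == "in" and r["app"] and not r["lport"] and not r["svc"]]


def user_prompt_rules(text):
    return [r["name"] for r in rules(text) if r["user_prompt"]]


if __name__ == "__main__":
    for app, allowed in sorted(inbound_by_app(SAMPLE).items()):
        print(app, "<-", ", ".join("%s/%s" % pair for pair in allowed))
    print("unrestricted inbound rules:", len(unrestricted_inbound(SAMPLE)))
    print("created from a firewall prompt:", user_prompt_rules(SAMPLE))
```

To run it over a full OTL log, pass the text of the two firewall sections to `inbound_by_app` instead of `SAMPLE`; lines that are not rules (headings, registry key paths, blanks) are skipped.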
#6  cajungenes2, February 3rd, 2013, 07:50 PM
The browser I use is Firefox 18.0.1. I tried using Internet Explorer, with exactly the same problems. So it appears not to be a Firefox issue.
#7  schrauber, February 4th, 2013, 12:43 PM
Hi,

Did you run AswMbr also, as I instructed above?
#8  cajungenes2, February 4th, 2013, 04:53 PM
Sorry, I forgot.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-04 09:50:44
-----------------------------
09:50:44.937 OS Version: Windows x64 6.1.7600
09:50:44.937 Number of processors: 4 586 0x2502
09:50:44.937 ComputerName: CAJUNCASTLE-PC UserName: Cajun Castle
09:50:46.825 Initialize success
09:51:06.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:51:06.325 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
09:51:06.325 Disk 0 MBR read successfully
09:51:06.341 Disk 0 MBR scan
09:51:06.341 Disk 0 unknown MBR code
09:51:06.341 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
09:51:06.356 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
09:51:06.372 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941479 MB offset 25372672
09:51:06.403 Disk 0 scanning C:\Windows\system32\drivers
09:51:10.756 Service scanning
09:51:20.974 Modules scanning
09:51:20.974 Disk 0 trace - called modules:
09:51:20.989 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:51:21.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f9060]
09:51:21.005 3 CLASSPNP.SYS[fffff880015cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062ce050]
09:51:21.020 Scan finished successfully
09:51:47.494 Disk 0 MBR has been saved successfully to "C:\Users\Cajun Castle\Desktop\MBR.dat"
09:51:47.509 The log file has been saved successfully to "C:\Users\Cajun Castle\Desktop\aswMBR.txt"
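The aswMBR run above reports "Disk 0 unknown MBR code" and saves the raw sector to MBR.dat on the Desktop. The following is an added example, not part of aswMBR or of any post in this thread, showing how to read such a file: it parses the 512-byte sector into the same partition table aswMBR printed (status byte, type byte, size in MB, starting LBA offset), runs the layout checks an analyst would make on a suspect MBR, and hashes the 446-byte boot-code region so it can be compared with the boot code of a known-clean machine. The sample sector is constructed here from the three partitions in the log; its zeroed boot code and its CHS fields are placeholders, and no reference hash is assumed.

```python
"""Added example: read a raw 512-byte MBR such as the MBR.dat aswMBR saved,
print the partition table the way aswMBR reports it, sanity-check the layout,
and hash the boot-code area for comparison with a known-clean machine."""
import hashlib
import struct
import sys

SECTOR = 512
MB = 1024 * 1024
ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample: zeroed boot code, the three partitions from the
    aswMBR log above (MB converted to 512-byte sectors), placeholder CHS
    fields, and the 0x55AA signature."""
    entries = [
        (0x00, 0x27, 2048, 12288 * MB // SECTOR),       # Hidden NTFS WinRE
        (0x80, 0x07, 25167872, 100 * MB // SECTOR),     # active 100 MB system partition
        (0x00, 0x07, 25372672, 941479 * MB // SECTOR),  # Windows volume
        (0x00, 0x00, 0, 0),                             # empty slot
    ]
    table = b"".join(
        struct.pack(ENTRY, status, b"\xfe\xff\xff" if ptype else bytes(3),
                    ptype, b"\xfe\xff\xff" if ptype else bytes(3), lba, count)
        for status, ptype, lba, count in entries)
    return bytes(446) + table + b"\x55\xaa"


def parse_mbr(blob):
    """Return the used partition entries; raise if the sector is not an MBR."""
    if len(blob) < SECTOR:
        raise ValueError("need at least 512 bytes, got %d" % len(blob))
    if blob[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY, blob, 446 + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba": lba, "sectors": count,
                      "mb": count * SECTOR // MB})
    return parts


def check_layout(parts):
    """Checks an analyst makes on a suspect MBR: exactly one active partition,
    valid status bytes, nothing starting in sector 0, no overlapping extents."""
    problems = []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append("partition %d: invalid status byte 0x%02x" % (p["index"], p["status"]))
        if p["lba"] == 0:
            problems.append("partition %d: starts in the MBR sector" % p["index"])
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            problems.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return problems


def boot_code_sha256(blob):
    """SHA-256 of bytes 0..445 (the boot code). aswMBR printed 'unknown MBR
    code'; comparing this value with the hash taken from a known-clean machine
    of the same OS and OEM build is one way to decide whether that is benign.
    No reference hash is assumed here."""
    return hashlib.sha256(blob[:446]).hexdigest()


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat]; with no argument the sample is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    for p in parse_mbr(blob):
        print("Partition %d %02X %s %02X %d MB offset %d" % (
            p["index"], p["status"], "(A)" if p["active"] else "   ",
            p["type"], p["mb"], p["lba"]))
    print("boot code sha256:", boot_code_sha256(blob))
    for problem in check_layout(parse_mbr(blob)):
        print("WARNING:", problem)
```

The sizes come out as 12288 MB, 100 MB and 941479 MB at offsets 2048, 25167872 and 25372672, matching the three "Disk 0 Partition" lines of the log; a real MBR.dat whose partition table differs from what the tool printed, or whose boot-code hash differs from a clean reference, is what would turn "unknown MBR code" into something worth chasing.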
#9  schrauber, February 4th, 2013, 05:42 PM
Next, download ComboFix and save it to the Desktop.
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
#10  cajungenes2, February 5th, 2013, 05:54 PM
ComboFix 13-02-03.03 - Cajun Castle 02/04/2013 20:09:13.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4023 [GMT -6:00]
Running from: c:\users\Cajun Castle\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Mellisa Haley\AppData\Local\temp
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Brad\AppData\Local\temp
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Becca Dupuis\AppData\Local\temp
2013-02-05 02:12 . 2013-02-05 02:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-03 03:27 . 2013-02-03 03:27 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18EC77DE-8839-4D7B-8DD8-C723F0128E9C}\offreg.dll
2013-02-03 03:25 . 2013-02-03 03:25 -------- d-----w- c:\users\Cajun Castle\AppData\Roaming\HPAppData
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\users\Cajun Castle\AppData\Roaming\Malwarebytes
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\programdata\Malwarebytes
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-03 01:05 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\users\Cajun Castle\AppData\Local\Programs
2013-02-03 01:03 . 2013-02-03 01:03 388096 ----a-r- c:\users\Cajun Castle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-03 01:03 . 2013-02-03 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
2013-02-02 02:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18EC77DE-8839-4D7B-8DD8-C723F0128E9C}\mpengine.dll
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files\iTunes
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files (x86)\iTunes
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files\iPod
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-24 13:09 . 2013-01-24 13:09 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-09 19:10 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 19:10 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 19:10 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 19:10 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 19:10 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 19:10 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 19:10 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 19:10 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 19:10 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:10 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 07:28 . 2010-02-03 13:41 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 09:01 . 2010-04-20 10:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-05 18:57 . 2013-01-05 18:57 664448 ----a-r- c:\users\Becca Dupuis\AppData\Roaming\Microsoft\Installer\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}\Icon.exe
2012-12-16 16:52 . 2012-12-22 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:56 . 2013-01-09 19:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 09:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-13 03:31 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-13 03:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-29 6315680]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]
.
c:\users\Cajun Castle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Network Client.lnk - c:\program files (x86)\ActiHealth\AHClient.exe [2010-10-8 5578224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-13 1019904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 15208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 01:10 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 13:59]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0315v155k4861r213
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0315v155k4861r213
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cajun Castle\AppData\Roaming\Mozilla\Firefox\Profiles\xpe5sh5i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - ExtSQL: !HIDDEN! 2010-02-22 16:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1451849399-368517075-4041329832-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Favorite Movies]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1451849399-368517075-4041329832-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Recent Movies]
@DACL=(02 0000)
"msg0001"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0001.WAV"
"msg0001-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0001-1.WAV"
"msg0002"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0002.WAV"
"msg0002-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0002-1.WAV"
"msg0003"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0003.WAV"
"msg0003-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0003-1.WAV"
"msg0004"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0004.WAV"
"msg0004-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0004-1.WAV"
"msg0005"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0005.WAV"
"std_564964299f9979558a68d66da7070e0f_8"="1,c:\\Users\\Cajun Castle\\Documents\\Downloads\\Music\\std_564964299f9979558a68d66da7070e0f_8.mp3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-04 20:13:38
ComboFix-quarantined-files.txt 2013-02-05 02:13
ComboFix2.txt 2013-02-04 21:14
.
Pre-Run: 818,855,583,744 bytes free
Post-Run: 818,539,802,624 bytes free
.
- - End Of File - - CD6EA191B4933DA13735DCF2F028E564
#11
Old February 5th, 2013, 06:14 PM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Seems like Combofix ran twice. Please navigate to C:\Qoobox and post back with the content of Combofix2.txt.
#12
Old February 6th, 2013, 12:47 AM
cajungenes2
Member
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
ComboFix 13-02-03.03 - Cajun Castle 02/04/2013 15:08:19.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4263 [GMT -6:00]
Running from: c:\users\Cajun Castle\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\drvrtmp
c:\users\Cajun Castle\2009.pdf
c:\users\Cajun Castle\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2013-01-04 to 2013-02-04 )))))))))))))))))))))))))))))))
.
.
2013-02-04 21:12 . 2013-02-04 21:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-04 21:12 . 2013-02-04 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-04 21:12 . 2013-02-04 21:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-04 21:12 . 2013-02-04 21:12 -------- d-----w- c:\users\Brad\AppData\Local\temp
2013-02-04 21:12 . 2013-02-04 21:12 -------- d-----w- c:\users\Becca Dupuis\AppData\Local\temp
2013-02-03 03:27 . 2013-02-03 03:27 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18EC77DE-8839-4D7B-8DD8-C723F0128E9C}\offreg.dll
2013-02-03 03:25 . 2013-02-03 03:25 -------- d-----w- c:\users\Cajun Castle\AppData\Roaming\HPAppData
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\users\Cajun Castle\AppData\Roaming\Malwarebytes
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\programdata\Malwarebytes
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-03 01:05 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-03 01:05 . 2013-02-03 01:05 -------- d-----w- c:\users\Cajun Castle\AppData\Local\Programs
2013-02-03 01:03 . 2013-02-03 01:03 388096 ----a-r- c:\users\Cajun Castle\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-03 01:03 . 2013-02-03 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
2013-02-02 02:32 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18EC77DE-8839-4D7B-8DD8-C723F0128E9C}\mpengine.dll
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files\iTunes
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files (x86)\iTunes
2013-01-24 13:11 . 2013-01-24 13:11 -------- d-----w- c:\program files\iPod
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-24 13:09 . 2013-01-24 13:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-24 13:09 . 2013-01-24 13:09 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-09 19:10 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 19:10 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 19:10 . 2012-11-02 05:30 2001408 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 19:10 . 2012-11-02 05:30 1880064 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 19:10 . 2012-11-02 04:50 1388544 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 19:10 . 2012-11-02 04:50 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 19:10 . 2012-11-22 10:32 801280 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 19:10 . 2012-11-22 09:33 627712 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 19:10 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 19:10 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 07:28 . 2010-02-03 13:41 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 09:01 . 2010-04-20 10:42 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-05 18:57 . 2013-01-05 18:57 664448 ----a-r- c:\users\Becca Dupuis\AppData\Roaming\Microsoft\Installer\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}\Icon.exe
2012-12-16 16:52 . 2012-12-22 09:00 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 09:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 09:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:56 . 2013-01-09 19:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-13 09:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-13 03:31 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-13 03:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-29 6315680]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-08-03 498160]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]
.
c:\users\Cajun Castle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Network Client.lnk - c:\program files (x86)\ActiHealth\AHClient.exe [2010-10-8 5578224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-13 1019904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-28 1132984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 15208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-25 233984]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 01:10 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 13:59]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-03 13:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 134416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0315v155k4861r213
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360210p106p0315v155k4861r213
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: secunia.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cajun Castle\AppData\Roaming\Mozilla\Firefox\Profiles\xpe5sh5i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - ExtSQL: !HIDDEN! 2010-02-22 16:03; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1451849399-368517075-4041329832-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Favorite Movies]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1451849399-368517075-4041329832-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime\Recent Movies]
@DACL=(02 0000)
"msg0001"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0001.WAV"
"msg0001-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0001-1.WAV"
"msg0002"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0002.WAV"
"msg0002-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0002-1.WAV"
"msg0003"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0003.WAV"
"msg0003-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0003-1.WAV"
"msg0004"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0004.WAV"
"msg0004-1"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0004-1.WAV"
"msg0005"="1,c:\\Users\\Cajun Castle\\Local Settings\\Temp\\msg0005.WAV"
"std_564964299f9979558a68d66da7070e0f_8"="1,c:\\Users\\Cajun Castle\\Documents\\Downloads\\Music\\std_564964299f9979558a68d66da7070e0f_8.mp3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-04 15:14:56
ComboFix-quarantined-files.txt 2013-02-04 21:14
.
Pre-Run: 813,204,901,888 bytes free
Post-Run: 818,773,733,376 bytes free
.
- - End Of File - - 942281F440A39BF40AA0443A547887A0
#13
Old February 6th, 2013, 08:11 AM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hi,

please update Malwarebytes and run a quick scan, post back with the logfile.



Next, disable your antivirus program and close Internet Explorer. Click on your Start Menu and right-click on the Internet Explorer icon and choose "Run as Administrator". IE will open again. Go here -> http://www.eset.com/onlinescan and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. Go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt. Click Edit - Select All then copy/paste that log back here.


Also please post back with a fresh OTL logfile and tell me how the system is running.
#14
Old February 6th, 2013, 04:29 PM
cajungenes2
Member
Join Date: Apr 2006
O/S: Windows 7 64-bit
Location: Louisiana, USA
Posts: 54
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.06.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Cajun Castle :: CAJUNCASTLE-PC [administrator]

Protection: Disabled

2/6/2013 9:23:07 AM
mbam-log-2013-02-06 (09-23-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334909
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
#15
Old February 6th, 2013, 06:37 PM
schrauber
CTH Subscriber
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Now the rest please.