Phil Collins

Members
  • Content Count: 7

About Phil Collins

  • Rank
    New Member

Previous Fields

  • System Specifications:
    Win 7 Home Prem 64 Bit Intel i3/550 3 HD 11TB,1TB,1.5TB 8GB RAM, DVD, NVIDIA GT430
  1. Phil Collins

    My Browser has been HiJacked I hope you can help

    Smooth as glass. Can you tell me what you saw?
  2. Phil Collins

    My Browser has been HiJacked I hope you can help

    Sorry for the delay OTL.Txt fix otl.txt AdwCleanerS1.txt
  3. Phil Collins

    My Browser has been HiJacked I hope you can help

    OTL logfile created on: 10/8/2012 12:53:41 AM - Run 1 OTL by OldTimer - Version 3.2.69.0
C:UsersphilAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.2_0 CHR - Extension: YouTube = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0 CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.14_1 CHR - Extension: Google Search = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0 CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia6.1.4_0 CHR - Extension: Gmail = C:UsersphilAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0 O1 HOSTS File: ([2012/10/07 13:17:44 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O3:64bit: - HKLM..Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:Program FilesWindows Home ServerWHSDeskBands.dll (Microsoft Corporation) O3 - HKLM..Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..Run: [egui] C:Program FilesESETESET NOD32 Antivirusegui.exe (ESET) O4:64bit: - HKLM..Run: [EKIJ5000StatusMonitor] C:WindowsSysNativespooldriversx643EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..Run: [iAAnotif] C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..Run: [Launch LCore] C:Program FilesLogitech Gaming SoftwareLCore.exe (Logitech Inc.) O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..Run: [Zune Launcher] C:Program FilesZuneZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKLM..Run: [Carbonite Backup] C:Program Files (x86)CarboniteCarbonite BackupCarboniteUI.exe (Carbonite, Inc.) O4 - HKLM..Run: [Conime] %windir%system32conime.exe File not found O4 - HKLM..Run: [DNS7reminder] C:Program Files (x86)NuanceNaturallySpeaking11EregEreg.exe (Nuance Communications, Inc.) 
O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:Windowssystem32spoolDRIVERSx643EKIJ5000MUI.exe File not found O4 - HKLM..Run: [Gateway Photo Frame] C:Program Files (x86)Gateway Photo FrameButtonMonitor.exe (IOI) O4 - HKLM..Run: [LogitechQuickCamRibbon] C:Program FilesLogitechLogitech WebCam SoftwareLWS.exe () O4 - HKLM..Run: [PMBVolumeWatcher] C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe (Sony Corporation) O4 - HKCU..Run: [ApplePhotoStreams] C:Program Files (x86)Common FilesAppleInternet ServicesApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..Run: [eFax 4.4] C:Program Files (x86)eFax Messenger 4.4J2GDllCmd.exe (j2 Global Communications, Inc.) O4 - HKCU..Run: [iCloudServices] C:Program Files (x86)Common FilesAppleInternet ServicesiCloudServices.exe (Apple Inc.) O4 - HKCU..Run: [iSUSPM] C:ProgramDataFLEXnetConnect11ISUSPM.exe (Acresso Corporation) O4 - HKCU..Run: [Pando Media Booster] C:Program Files (x86)Pando NetworksMedia BoosterPMB.exe () O4 - HKCU..Run: [Plex Media Server] C:Program Files (x86)PlexPlex Media ServerPlex Media Server.exe (Plex, Inc.) O4 - HKCU..Run: [spotify Web Helper] C:UsersphilAppDataRoamingSpotifyDataSpotifyWebHelper.exe () O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..Run: [steam] C:Program Files (x86)Steamsteam.exe (Valve Corporation) O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersphilAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.) O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk = C:Program Files (x86)eFax Messenger 4.4J2GTray.exe (j2 Global Communications, Inc.) 
O4 - Startup: C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk = C:Program Files (x86)FingerPrintFingerPrint.exe (Collobos Software) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O8:64bit: - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass - file://C:Program Files (x86)LastPasscontext.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:Program Files (x86)LastPasscontext.html?cmd=fillforms File not found O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar64.dll (LastPass) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:Program Files (x86)LastPassLPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU..Trusted Domains: $talisma_url$ ([]https in Trusted sites) O15 - HKCU..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: localhost ([]* in Local intranet) O15 - HKCU..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5}: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{8EF916CF-C649-4EC3-8A53-706A022EE6C6}: DhcpNameServer = 192.168.1.254 O18:64bit: - ProtocolHandlerlivecall - No CLSID value found O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlerms-itss - No CLSID value found O18:64bit: - ProtocolHandlermsnim - No CLSID value found O18:64bit: - ProtocolHandlerskype4com - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) 
- C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/08 00:52:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe [2012/10/07 13:17:51 | 000,000,000 | ---D | C] -- C:$RECYCLE.BIN [2012/10/06 23:51:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/10/06 23:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/10/06 23:51:26 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/10/06 23:48:33 | 004,762,471 | R--- | C] (Swearware) -- C:UsersphilDesktopComboFix.exe [2012/10/06 23:48:02 | 000,000,000 | ---D | C] -- C:Qoobox [2012/10/06 23:47:19 | 000,000,000 | ---D | C] -- C:Windowserdnt [2012/10/06 09:38:04 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) 
-- C:UsersphilDesktoptdsskiller.exe [2012/10/06 09:35:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe [2012/10/05 19:54:43 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingj2 Global [2012/10/05 19:54:08 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingeFax Messenger [2012/10/05 19:54:07 | 000,000,000 | ---D | C] -- C:ProgramDataeFax Messenger 4.4 Output [2012/10/05 19:53:59 | 000,000,000 | ---D | C] -- C:UsersphilDocumentseFax Messenger 4.4 [2012/10/05 19:53:58 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramseFax Messenger 4.4 [2012/10/05 19:53:24 | 000,000,000 | ---D | C] -- C:Program Files (x86)eFax Messenger 4.4 [2012/10/04 19:57:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCarbonite [2012/09/27 18:43:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiCloud [2012/09/26 04:04:58 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe [2012/09/22 20:53:42 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingMalwarebytes [2012/09/22 20:53:35 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware [2012/09/22 20:53:34 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes [2012/09/22 20:53:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys [2012/09/22 20:53:33 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware [2012/09/22 03:01:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll [2012/09/22 03:01:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll [2012/09/22 03:01:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll [2012/09/22 03:00:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll [2012/09/22 03:00:59 | 000,231,936 | ---- | C] (Microsoft 
Corporation) -- C:WindowsSysWow64url.dll [2012/09/22 03:00:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe [2012/09/22 03:00:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe [2012/09/22 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll [2012/09/22 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl [2012/09/22 03:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll [2012/09/22 03:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl [2012/09/22 03:00:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll [2012/09/22 03:00:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll [2012/09/22 03:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll [2012/09/22 03:00:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll [2012/09/20 19:07:42 | 000,000,000 | ---D | C] -- C:UsersphilTracing [2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuPrograms7-Zip [2012/09/18 18:10:54 | 000,000,000 | ---D | C] -- C:Program Files7-Zip [2012/09/18 06:29:32 | 000,000,000 | ---D | C] -- C:Program FilesEnigma Software Group [2012/09/18 00:19:09 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy [2012/09/18 00:19:04 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/09/18 00:16:53 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2012/09/18 00:16:49 | 000,033,240 | ---- | C] (GEAR Software Inc.) 
-- C:WindowsSysNativedriversGEARAspiWDM.sys [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiTunes [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:Program FilesiPod [2012/09/18 00:14:41 | 000,000,000 | ---D | C] -- C:ProgramData34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/09/14 18:19:24 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsGOG.com [2012/09/14 18:19:22 | 000,000,000 | ---D | C] -- C:Program Files (x86)GOG.com [2012/09/12 04:40:36 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll [2012/09/12 04:40:36 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys [2012/09/12 04:40:30 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversnetio.sys [2012/09/12 04:40:30 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversFWPKCLNT.SYS [2012/09/09 18:42:22 | 000,000,000 | ---D | C] -- C:UsersphilAppDataRoamingGalaxy on Fire 2 Full HD [2011/08/15 22:52:11 | 013,571,624 | ---- | C] (LastPass) -- C:Program Files (x86)Common Fileslpuninstall.exe [2 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/10/08 01:02:00 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job [2012/10/08 00:59:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job [2012/10/08 00:50:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersphilDesktopOTL.exe [2012/10/08 00:44:00 | 000,000,904 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001UA.job [2012/10/07 14:59:01 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job [2012/10/07 14:35:04 | 000,000,359 | ---- | M] () -- C:UsersphilDesktopprofile.bin [2012/10/07 13:17:44 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- 
C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 10:36:57 | 000,009,920 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/07 10:27:45 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/10/07 10:27:24 | 2140,491,775 | -HS- | M] () -- C:hiberfil.sys [2012/10/07 06:44:00 | 000,000,852 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-521803664-223263629-1628716014-1001Core.job [2012/10/06 23:46:28 | 004,762,471 | R--- | M] (Swearware) -- C:UsersphilDesktopComboFix.exe [2012/10/06 09:54:35 | 000,000,497 | ---- | M] () -- C:UsersphilDesktopMBR.zip [2012/10/06 09:45:37 | 000,000,512 | ---- | M] () -- C:UsersphilDesktopMBR.dat [2012/10/06 09:37:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersphilDesktoptdsskiller.exe [2012/10/06 09:34:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersphilDesktopaswMBR.exe [2012/10/05 19:54:06 | 000,001,031 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupeFax 4.4.lnk [2012/10/05 19:54:06 | 000,001,002 | ---- | M] () -- C:UsersphilDesktopeFax Compose Fax 4.4.lnk [2012/10/05 19:54:06 | 000,000,995 | ---- | M] () -- C:UsersphilDesktopeFax Messenger 4.4.lnk [2012/10/04 19:57:33 | 000,002,139 | ---- | M] () -- C:UsersPublicDesktopCarbonite InfoCenter.lnk [2012/10/02 18:54:01 | 000,001,007 | ---- | M] () -- C:UsersPublicDesktopHero Lab.lnk [2012/10/01 06:27:37 | 000,000,854 | ---- | M] () -- C:Usersphil.recently-used.xbel [2012/09/26 18:45:20 | 000,002,484 | ---- | M] () -- C:UsersphilDesktopGoogle Chrome.lnk [2012/09/22 22:52:31 | 000,001,086 | ---- | M] () -- C:UsersphilAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupMy Program.lnk [2012/09/22 20:53:35 | 000,001,116 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/09/20 21:02:47 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- 
C:WindowsSysWow64FlashPlayerApp.exe [2012/09/20 21:02:47 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/09/18 17:53:15 | 000,793,184 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/09/18 17:53:15 | 000,660,296 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/09/18 17:53:15 | 000,121,224 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/09/18 00:19:09 | 000,001,289 | ---- | M] () -- C:UsersphilApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/09/18 00:19:09 | 000,001,265 | ---- | M] () -- C:UsersphilDesktopSpybot - Search & Destroy.lnk [2012/09/18 00:16:53 | 000,001,790 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk [2012/09/14 18:19:24 | 000,002,106 | ---- | M] () -- C:UsersPublicDesktopFaster Than Light.lnk [2012/09/09 12:50:08 | 000,000,734 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120918-063047.backup [2 C:Windows*.tmp files -> C:Windows*.tmp -> ] ========== Files Created - No Company Name ========== [2012/10/07 14:35:02 | 000,000,359 | ---- | C] () -- C:UsersphilDesktopprofile.bin [2012/10/06 23:51:26 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/10/06 23:51:26 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/10/06 23:51:26 | 000,098,816 | ---- | C] () -- C:Windowssed
  4. Phil Collins

    My Browser has been HiJacked I hope you can help

    Took a while but here we are... ComboFix.txt
  5. Phil Collins

    My Browser has been HiJacked I hope you can help

    Thanks again for your assistance. The issue only appears to happen in Firefox. When I click a link in Google, I get redirected to something other than what I selected. Chrome does not do this. I do not use IE.

    TDSSKiller.2.8.10.0_06.10.2012_09.45.43_log.txt MBR.zip aswMBR.txt
  6. Phil Collins

    My Browser has been HiJacked I hope you can help

    Yes, I still need assistance. If I search Google, about 3 in 10 search results send me someplace other than the result.
  7. Good afternoon, I believe my system may be compromised and I cannot figure out how to undo this. below are my logs from DDS Please let me know what else I should provide : DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by phil at 19:05:58 on 2012-10-01 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.4641 [GMT -4:00] . AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files\Windows Home Server\esClient.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\FingerPrint\FingerPrintService.exe C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe C:\Program Files\Common 
Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\AirPrint\airprint.exe C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\splwow64.exe C:\Program Files\Windows Home Server\WHSConnector.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pando 
Networks\Media Booster\PMB.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe C:\Program Files\Windows Home Server\WHSTrayApp.exe C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\FingerPrint\FingerPrint.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Windows 
Live\Contacts\wlcomm.exe C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\phil\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\system32\DllHost.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\taskeng.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4840&r=17360711a506p0435v125k4741r556
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\phil\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [spotify Web Helper] "C:\Users\phil\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\phil\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPROG~1.LNK - C:\Program Files (x86)\FingerPrint\FingerPrint.exe
StartupFolder: C:\Users\phil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UVREAL~1.LNK - C:\Program Files (x86)\UV Realtime\UVRTAutostart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0ACC7907-B634-4F26-B2BC-1EC4C5BC96A5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8EF916CF-C649-4EC3-8A53-706A022EE6C6} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\phil\AppData\Roaming\Mozilla\Firefox\Profiles\g5dfm5sk.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\phil\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\phil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 FingerPrint;FingerPrint Service;C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start --> C:\Program Files (x86)\FingerPrint\FingerPrintService.exe -start [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-24 8704]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-22 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-22 676936]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-29 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2011-8-29 315392]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-31 2348352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-4-22 474168]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-18 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-4-14 243232]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250288]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-31 135664]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 114144]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
.
=============== Created Last 30 ================
.
2012-09-30 06:02:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\offreg.dll
2012-09-28 09:22:48 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76D721C7-DCEA-4B80-9C3D-065B9415592F}\mpengine.dll
2012-09-26 08:04:58 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 00:53:42 -------- d-----w- C:\Users\phil\AppData\Roaming\Malwarebytes
2012-09-23 00:53:34 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-23 00:53:33 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-23 00:53:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-23 00:48:15 125952 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\CBF9.tmp.dat
2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-22 07:01:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-22 07:01:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-09-22 07:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-09-22 07:01:00 140936 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-09-21 01:02:17 9573296 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-20 23:07:42 -------- d-----w- C:\Users\phil\Tracing
2012-09-18 10:29:32 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-18 10:28:16 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-18 04:19:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-18 04:19:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-18 04:16:49 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-18 04:14:41 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iTunes
2012-09-18 04:14:41 -------- d-----w- C:\Program Files\iPod
2012-09-14 22:19:22 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-09-12 08:40:37 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 08:40:36 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 08:40:36 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 08:40:35 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 08:40:30 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 08:40:30 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 08:40:30 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 22:42:22 -------- d-----w- C:\Users\phil\AppData\Roaming\Galaxy on Fire 2 Full HD
2012-09-04 22:23:17 -------- d-----w- C:\.dcsample_pictures
2012-09-04 22:20:49 -------- d-----w- C:\Users\phil\AppData\Roaming\gcstar
2012-09-04 22:20:01 -------- d-----w- C:\Program Files (x86)\GCstar
2012-09-04 21:57:55 -------- d-----w- C:\Users\phil\AppData\Local\Collectorz.com
2012-09-04 21:57:50 -------- d-----w- C:\Program Files (x86)\Collectorz.com
2012-09-03 23:06:51 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-09-21 01:02:47 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 01:02:47 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2011-08-16 02:52:12 13571624 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
.
============= FINISH: 19:07:19.26 ===============