Help
This topic is locked
I'm currently runnning Windows Vista and I'm using PC Tools for a virus protection. When I go into websites to check the weather, sports, news it brings me to this website and ad with the title Ad Served by Extra Find, sometimes it brings me to the yellowpages for hotel search when i wanted to check the weather. I ran PC Tools and nothing found. Also when I do a google search items are underlined and when you move your mouse over it brings up a list of ads
Could someone pleae help me remove this?
Ad Served by Extra Find
Back to top
#2
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 25 November 2011 - 10:31 AM
bdnh85, on 25 November 2011 - 10:30 AM, said:
I'm currently runnning Windows Vista and I'm using PC Tools for a virus protection. When I go into websites to check the weather, sports, news it brings me to this website and ad with the title Ad Served by Extra Find, sometimes it brings me to the yellowpages for hotel search when i wanted to check the weather. I ran PC Tools and nothing found. Also when I do a google search items are underlined and when you move your mouse over it brings up a list of ads
Could someone pleae help me remove this?
Could someone pleae help me remove this?
PS I do I insert a screen shot?
#3
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 25 November 2011 - 11:05 PM
Welcome aboard 
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
- Report IE Proxy Settings
- Report FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Please download GMER from one of the following locations and save it to your desktop:
- Main Mirror
This version will download a randomly named file (Recommended) - Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
- Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
#4
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 12:03 PM
Here are the results
MiniToolBox by Farbar
Ran by Deputy Devereaux (administrator) on 26-11-2011 at 11:37:39
Windows ™ Vista Home Premium Service Pack 2 (X64)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
USB Wireless 802.11 b/g Adaptor = Wireless Network Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : DeputyDevere-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : chn.comcast.net
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor
Physical Address. . . . . . . . . : 00-16-44-B0-F6-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : chn.comcast.net
Description . . . . . . . . . . . : Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1F-C6-4D-A9-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 26, 2011 9:44:07 AM
Lease Expires . . . . . . . . . . : Saturday, November 26, 2011 12:14:11 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 68.87.71.226
68.87.73.242
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: google.com
Addresses: 74.125.226.112
74.125.226.114
74.125.226.116
74.125.226.115
74.125.226.113
Pinging google.com [74.125.226.180] with 32 bytes of data:
Reply from 74.125.226.180: bytes=32 time=29ms TTL=55
Reply from 74.125.226.180: bytes=32 time=18ms TTL=55
Ping statistics for 74.125.226.180:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 29ms, Average = 23ms
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=116ms TTL=50
Reply from 72.30.2.43: bytes=32 time=108ms TTL=50
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 116ms, Average = 112ms
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 16 44 b0 f6 87 ...... USB Wireless 802.11 b/g Adaptor
10 ...00 1f c6 4d a9 a5 ...... Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
========================= Event log errors: ===============================
Application errors:
==================
Error: (11/26/2011 09:45:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 08:48:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 08:46:01 PM) (Source: Application Error) (User: )
Description: Faulting application STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, faulting module STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, exception code 0xc0000005, fault offset 0x00018612,
process id 0x1650, application start time 0xSTOPzilla_Setup.exe0.
Error: (11/25/2011 08:45:41 PM) (Source: Application Error) (User: )
Description: Faulting application STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, faulting module STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, exception code 0xc0000005, fault offset 0x00018612,
process id 0x1824, application start time 0xSTOPzilla_Setup.exe0.
Error: (11/25/2011 08:37:02 PM) (Source: Microsoft-Windows-RestartManager) (User: Deputy Devereaux)Deputy Devereaux
Description: 0C:\Program Files (x86)\CheckPoint\Install\Install.exeCheck Point Install Utility0111772840
Error: (11/25/2011 05:11:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 05:02:20 PM) (Source: Application Error) (User: )
Description: Faulting application avast.setup, version 5.0.0.0, time stamp 0x4e668b22, faulting module avast.setup, version 5.0.0.0, time stamp 0x4e668b22, exception code 0xc0000005, fault offset 0x0008ac2c,
process id 0x1418, application start time 0xavast.setup0.
Error: (11/25/2011 03:39:20 PM) (Source: Microsoft Security Client Setup) (User: Deputy Devereaux)Deputy Devereaux
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
Error: (11/25/2011 09:47:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2011 03:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DEPUTY DEVEREAUX\APPDATA\LOCAL\VIRTUALSTORE\PROGRAM FILES (X86)\PROSCAN CLIENT\RECORDINGS\11-24-11\154.4450> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (11/26/2011 09:45:25 AM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2
Error: (11/26/2011 09:45:25 AM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%2
Error: (11/25/2011 08:54:52 PM) (Source: Service Control Manager) (User: )
Description: Local System Utility
Error: (11/25/2011 08:48:55 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2
Error: (11/25/2011 08:48:55 PM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%2
Error: (11/25/2011 08:45:34 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service1
Error: (11/25/2011 08:45:34 PM) (Source: Service Control Manager) (User: )
Description: hpqcxs081
Error: (11/25/2011 08:36:04 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor0 (0x0)
Error: (11/25/2011 08:36:01 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor39
Error: (11/25/2011 08:35:58 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor0 (0x0)
Microsoft Office Sessions:
=========================
Error: (01/09/2011 09:07:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3803 seconds with 60 seconds of active time. This session ended with a crash.
Error: (01/09/2011 06:36:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28551 seconds with 540 seconds of active time. This session ended with a crash.
=========================== Installed Programs ============================
Update for Microsoft Office 2007 (KB2508958)
18 Wheels of Steel - Across America
2007 Microsoft Office system (Version: 12.0.6425.1000)
3CXPhone (Version: 4.0.19920.0)
6000E609_eDocs (Version: 1.00.0000)
6000E609_Help (Version: 1.00.0000)
6000E609a (Version: 140.0.000.000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
911 - First Responders (Version: 1.03.001)
Adobe AIR (Version: 2.5.1.17730)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
Any Video Converter 3.2.3
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Are You Smarter Than A 5th Grader (remove only)
AXIS Media Control Embedded
Bonjour (Version: 3.0.0.10)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Defender 4.0 (Version: 4.0.0.0)
BufferChm (Version: 140.0.213.000)
Burger Shop 2 (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Contextual Tool Extrafind
CyberLink DVD Suite Deluxe (Version: 5.5.1126)
DeviceDiscovery (Version: 140.0.213.000)
dj_sf_software_req (Version: 90.0.235.000)
Download Manager 2.3.10 (Version: 2.3.10)
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
Google Earth (Version: 6.1.0.5001)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 140.0.212.000)
Hardware Diagnostic Tools (Version: 5.1.4708.19)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
High Detail Map (Version: 1.0.0)
HP Active Support Library (Version: 2.3.0.2)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.6.0.2499)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
HP Easy Setup - Frontend (Version: 5.6.0.2542)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6000 E609 Series (Version: 14.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential (Version: 1.12.0.46)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.008.001)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
iWin Games (remove only)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LabelPrint (Version: 2.2.2329)
LightScribe System Software 1.10.23.1 (Version: 1.10.23.1)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 140.0.214.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
MotoConnect (Version: 1.1.25)
Motorola Driver Installation 4.6.0 (Version: 4.6.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: HPCMPQ1902)
Napster Burn Engine (Version: 3.5.0000)
Network64 (Version: 140.0.215.000)
NVIDIA Drivers
OLYMPUS ib (Version: 1.1.1404)
OutlookTools 2 (Version: 2.3.0)
PC Tools Spyware Doctor with AntiVirus 9.0 (Version: 9.0)
Power2Go (Version: 5.6.3610)
PowerDirector (Version: 6.5.2420)
ProductContext (Version: 140.0.000.000)
ProScan Client 4.4.7
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.33.21.1)
Samsung Universal Print Driver PS (Version: 2.02.05.00:25)
SF_CDA_ProductContext (Version: 82.0.233.000)
SF_CDA_Software (Version: 82.0.233.000)
SF_CDA_ToolboxIni64 (Version: 82.0.233.000)
Shop for HP Supplies (Version: 14.0)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories USBXpress Device (Driver Removal)
SmartWebPrinting (Version: 140.0.213.000)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 140.0.214.000)
StartNow Toolbar (Version: 2.3.0)
Status (Version: 140.0.256.000)
SyncThru Web Admin Service
TeamViewer 6 (Version: 6.0.11117)
The Weather Channel Desktop 6
Toolbox (Version: 140.0.428.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 140.0.213.000)
TweetDeck (Version: 0.37.5)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC 9.0 Runtime (Version: 1.0.0)
Ventrilo Client (Version: 3.0.7)
Video Watermark Pro
WeatherBug (Version: 7.0.0.7)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 140.0.213.017)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
========================= Memory info: ===================================
Percentage of memory in use: 62%
Total physical RAM: 4094.39 MB
Available physical RAM: 1549.09 MB
Total Pagefile: 8368.07 MB
Available Pagefile: 5673.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.01 MB
========================= Partitions: =====================================
1 Drive c: (HP) (Fixed) (Total:288.36 GB) (Free:187.85 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.73 GB) (Free:1.3 GB) NTFS
========================= Users: ========================================
User accounts for \\DEPUTYDEVERE-PC
Administrator Deputy Devereaux Guest
Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
Internet Explorer 8.0.6001.19154
11/26/2011 11:43:24 AM
mbam-log-2011-11-26 (11-42-52).txt
Scan type: Quick scan
Objects scanned: 185160
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\2pres.dll (Adware.MyWebSearch) -> No action taken.
c:\Users\deputy devereaux\local settings\promo.exe (PUP.Soge) -> No action taken.
c:\Users\deputy devereaux\local settings\application data\promo.exe (PUP.Soge) -> No action taken.
ttp://www.gmer.net
Rootkit scan 2011-11-26 11:59:04
Windows 6.0.6002 Service Pack 2
Running: dy4upq1k[1].exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12 0 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\appcompat.txt 736 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\Report.wer 2078 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G792LHM\default-albumart[2].gif 0 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Temp\fla4013.tmp 30290531 bytes
File C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\Windows\Cookies\G0ZNP587.txt 0 bytes
---- EOF - GMER 1.0.15 ----
MiniToolBox by Farbar
Ran by Deputy Devereaux (administrator) on 26-11-2011 at 11:37:39
Windows ™ Vista Home Premium Service Pack 2 (X64)
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
USB Wireless 802.11 b/g Adaptor = Wireless Network Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : DeputyDevere-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : chn.comcast.net
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : USB Wireless 802.11 b/g Adaptor
Physical Address. . . . . . . . . : 00-16-44-B0-F6-87
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : chn.comcast.net
Description . . . . . . . . . . . : Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-1F-C6-4D-A9-A5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 26, 2011 9:44:07 AM
Lease Expires . . . . . . . . . . : Saturday, November 26, 2011 12:14:11 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 68.87.71.226
68.87.73.242
192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: google.com
Addresses: 74.125.226.112
74.125.226.114
74.125.226.116
74.125.226.115
74.125.226.113
Pinging google.com [74.125.226.180] with 32 bytes of data:
Reply from 74.125.226.180: bytes=32 time=29ms TTL=55
Reply from 74.125.226.180: bytes=32 time=18ms TTL=55
Ping statistics for 74.125.226.180:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 29ms, Average = 23ms
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: yahoo.com
Addresses: 209.191.122.70
72.30.2.43
98.137.149.56
98.139.180.149
Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=116ms TTL=50
Reply from 72.30.2.43: bytes=32 time=108ms TTL=50
Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 116ms, Average = 112ms
Server: nrcns.chelmsfdrdc2.ma.boston.comcast.net
Address: 68.87.71.226
Name: bleepingcomputer.com
Address: 208.43.87.2
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11 ...00 16 44 b0 f6 87 ...... USB Wireless 802.11 b/g Adaptor
10 ...00 1f c6 4d a9 a5 ...... Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329656] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 17 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [447928] (PC Tools Research Pty Ltd.)
========================= Event log errors: ===============================
Application errors:
==================
Error: (11/26/2011 09:45:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 08:48:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 08:46:01 PM) (Source: Application Error) (User: )
Description: Faulting application STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, faulting module STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, exception code 0xc0000005, fault offset 0x00018612,
process id 0x1650, application start time 0xSTOPzilla_Setup.exe0.
Error: (11/25/2011 08:45:41 PM) (Source: Application Error) (User: )
Description: Faulting application STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, faulting module STOPzilla_Setup.exe, version 5.0.90.1, time stamp 0x4e808f4b, exception code 0xc0000005, fault offset 0x00018612,
process id 0x1824, application start time 0xSTOPzilla_Setup.exe0.
Error: (11/25/2011 08:37:02 PM) (Source: Microsoft-Windows-RestartManager) (User: Deputy Devereaux)Deputy Devereaux
Description: 0C:\Program Files (x86)\CheckPoint\Install\Install.exeCheck Point Install Utility0111772840
Error: (11/25/2011 05:11:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/25/2011 05:02:20 PM) (Source: Application Error) (User: )
Description: Faulting application avast.setup, version 5.0.0.0, time stamp 0x4e668b22, faulting module avast.setup, version 5.0.0.0, time stamp 0x4e668b22, exception code 0xc0000005, fault offset 0x0008ac2c,
process id 0x1418, application start time 0xavast.setup0.
Error: (11/25/2011 03:39:20 PM) (Source: Microsoft Security Client Setup) (User: Deputy Devereaux)Deputy Devereaux
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.
Error: (11/25/2011 09:47:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/24/2011 03:41:06 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DEPUTY DEVEREAUX\APPDATA\LOCAL\VIRTUALSTORE\PROGRAM FILES (X86)\PROSCAN CLIENT\RECORDINGS\11-24-11\154.4450> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
System errors:
=============
Error: (11/26/2011 09:45:25 AM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2
Error: (11/26/2011 09:45:25 AM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%2
Error: (11/25/2011 08:54:52 PM) (Source: Service Control Manager) (User: )
Description: Local System Utility
Error: (11/25/2011 08:48:55 PM) (Source: Service Control Manager) (User: )
Description: LogMeIn Kernel Information Provider%%2
Error: (11/25/2011 08:48:55 PM) (Source: Service Control Manager) (User: )
Description: LMIGuardianSvc%%2
Error: (11/25/2011 08:45:34 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service1
Error: (11/25/2011 08:45:34 PM) (Source: Service Control Manager) (User: )
Description: hpqcxs081
Error: (11/25/2011 08:36:04 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor0 (0x0)
Error: (11/25/2011 08:36:01 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor39
Error: (11/25/2011 08:35:58 PM) (Source: Service Control Manager) (User: )
Description: TrueVector Internet Monitor0 (0x0)
Microsoft Office Sessions:
=========================
Error: (01/09/2011 09:07:21 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3803 seconds with 60 seconds of active time. This session ended with a crash.
Error: (01/09/2011 06:36:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28551 seconds with 540 seconds of active time. This session ended with a crash.
=========================== Installed Programs ============================
Update for Microsoft Office 2007 (KB2508958)
18 Wheels of Steel - Across America
2007 Microsoft Office system (Version: 12.0.6425.1000)
3CXPhone (Version: 4.0.19920.0)
6000E609_eDocs (Version: 1.00.0000)
6000E609_Help (Version: 1.00.0000)
6000E609a (Version: 140.0.000.000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
911 - First Responders (Version: 1.03.001)
Adobe AIR (Version: 2.5.1.17730)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.32)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Reader X (Version: 10.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
AIM 7
Any Video Converter 3.2.3
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Are You Smarter Than A 5th Grader (remove only)
AXIS Media Control Embedded
Bonjour (Version: 3.0.0.10)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Defender 4.0 (Version: 4.0.0.0)
BufferChm (Version: 140.0.213.000)
Burger Shop 2 (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Contextual Tool Extrafind
CyberLink DVD Suite Deluxe (Version: 5.5.1126)
DeviceDiscovery (Version: 140.0.213.000)
dj_sf_software_req (Version: 90.0.235.000)
Download Manager 2.3.10 (Version: 2.3.10)
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
Google Earth (Version: 6.1.0.5001)
Google Gmail Notifier
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
GPBaseService2 (Version: 140.0.212.000)
Hardware Diagnostic Tools (Version: 5.1.4708.19)
Hewlett-Packard Active Check (Version: 1.1.11.0)
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5)
High Detail Map (Version: 1.0.0)
HP Active Support Library (Version: 2.3.0.2)
HP Advisor (Version: 3.1.9152.3107)
HP Customer Experience Enhancements (Version: 5.6.0.2499)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Deskjet & Photosmart Printer Driver Software 8.0.A (Version: 8.0)
HP Deskjet Printer Driver Software 9.0 (Version: 9.0)
HP Easy Setup - Frontend (Version: 5.6.0.2542)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6000 E609 Series (Version: 14.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential (Version: 1.12.0.46)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.002.008.001)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
HxD Hex Editor version 1.7.7.0 (Version: 1.7.7.0)
Intel® Matrix Storage Manager
iTunes (Version: 10.5.0.142)
iWin Games (remove only)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
LabelPrint (Version: 2.2.2329)
LightScribe System Software 1.10.23.1 (Version: 1.10.23.1)
LightScribeTemplateLabeler (Version: 1.10.23.1)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MarketResearch (Version: 140.0.214.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
MotoConnect (Version: 1.1.25)
Motorola Driver Installation 4.6.0 (Version: 4.6.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: HPCMPQ1902)
Napster Burn Engine (Version: 3.5.0000)
Network64 (Version: 140.0.215.000)
NVIDIA Drivers
OLYMPUS ib (Version: 1.1.1404)
OutlookTools 2 (Version: 2.3.0)
PC Tools Spyware Doctor with AntiVirus 9.0 (Version: 9.0)
Power2Go (Version: 5.6.3610)
PowerDirector (Version: 6.5.2420)
ProductContext (Version: 140.0.000.000)
ProScan Client 4.4.7
Python 2.5 (Version: 2.5.150)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.33.21.1)
Samsung Universal Print Driver PS (Version: 2.02.05.00:25)
SF_CDA_ProductContext (Version: 82.0.233.000)
SF_CDA_Software (Version: 82.0.233.000)
SF_CDA_ToolboxIni64 (Version: 82.0.233.000)
Shop for HP Supplies (Version: 14.0)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories USBXpress Device (Driver Removal)
SmartWebPrinting (Version: 140.0.213.000)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 140.0.214.000)
StartNow Toolbar (Version: 2.3.0)
Status (Version: 140.0.256.000)
SyncThru Web Admin Service
TeamViewer 6 (Version: 6.0.11117)
The Weather Channel Desktop 6
Toolbox (Version: 140.0.428.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 140.0.213.000)
TweetDeck (Version: 0.37.5)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC 9.0 Runtime (Version: 1.0.0)
Ventrilo Client (Version: 3.0.7)
Video Watermark Pro
WeatherBug (Version: 7.0.0.7)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 140.0.213.017)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (Version: 09/09/2009 1.0.0.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
========================= Memory info: ===================================
Percentage of memory in use: 62%
Total physical RAM: 4094.39 MB
Available physical RAM: 1549.09 MB
Total Pagefile: 8368.07 MB
Available Pagefile: 5673.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3997.01 MB
========================= Partitions: =====================================
1 Drive c: (HP) (Fixed) (Total:288.36 GB) (Free:187.85 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.73 GB) (Free:1.3 GB) NTFS
========================= Users: ========================================
User accounts for \\DEPUTYDEVERE-PC
Administrator Deputy Devereaux Guest
Results of screen317's Security Check version 0.99.24
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
PC Tools Spyware Doctor with AntiVirus 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java™ 6 Update 22
Java™ SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
Internet Explorer 8.0.6001.19154
11/26/2011 11:43:24 AM
mbam-log-2011-11-26 (11-42-52).txt
Scan type: Quick scan
Objects scanned: 185160
Time elapsed: 13 minute(s), 20 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\2pres.dll (Adware.MyWebSearch) -> No action taken.
c:\Users\deputy devereaux\local settings\promo.exe (PUP.Soge) -> No action taken.
c:\Users\deputy devereaux\local settings\application data\promo.exe (PUP.Soge) -> No action taken.
ttp://www.gmer.net
Rootkit scan 2011-11-26 11:59:04
Windows 6.0.6002 Service Pack 2
Running: dy4upq1k[1].exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12 0 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\appcompat.txt 736 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\Report.wer 2078 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G792LHM\default-albumart[2].gif 0 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Temp\fla4013.tmp 30290531 bytes
File C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\Windows\Cookies\G0ZNP587.txt 0 bytes
---- EOF - GMER 1.0.15 ----
#5
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 November 2011 - 12:30 PM
Your MBAM log says "No action taken".
Re-run it, FIX all issues and post new log.
Re-run it, FIX all issues and post new log.
#6
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 01:02 PM
Internet Explorer 8.0.6001.19154
11/26/2011 12:58:56 PM
mbam-log-2011-11-26 (12-58-56).txt
Scan type: Quick scan
Objects scanned: 180733
Time elapsed: 5 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\2pres.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\deputy devereaux\local settings\promo.exe (PUP.Soge) -> Quarantined and deleted successfully.
c:\Users\deputy devereaux\local settings\application data\promo.exe (PUP.Soge) -> Quarantined and deleted successfully.
11/26/2011 12:58:56 PM
mbam-log-2011-11-26 (12-58-56).txt
Scan type: Quick scan
Objects scanned: 180733
Time elapsed: 5 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3A421C8F-E238-4AEB-8874-B8B5F2CC4772} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{60E91567-EF8A-4520-BCE2-83ABA5256799} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\program files (x86)\2pres.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\deputy devereaux\local settings\promo.exe (PUP.Soge) -> Quarantined and deleted successfully.
c:\Users\deputy devereaux\local settings\application data\promo.exe (PUP.Soge) -> Quarantined and deleted successfully.
#7
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 November 2011 - 02:46 PM
I still need GMER log.
#8
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 02:48 PM
I thought I sent it. HMM. Its rescanning. I will post when done
#9
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 03:13 PM
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-26 11:59:04
Windows 6.0.6002 Service Pack 2
Running: dy4upq1k[1].exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12 0 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\appcompat.txt 736 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\Report.wer 2078 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G792LHM\default-albumart[2].gif 0 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Temp\fla4013.tmp 30290531 bytes
File C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\Windows\Cookies\G0ZNP587.txt 0 bytes
---- EOF - GMER 1.0.15 ----
Rootkit scan 2011-11-26 11:59:04
Windows 6.0.6002 Service Pack 2
Running: dy4upq1k[1].exe
---- Files - GMER 1.0.15 ----
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12 0 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\appcompat.txt 736 bytes
File C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report104fdc12\Report.wer 2078 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1G792LHM\default-albumart[2].gif 0 bytes
File C:\Users\Deputy Devereaux\AppData\Local\Temp\fla4013.tmp 30290531 bytes
File C:\Users\Deputy Devereaux\AppData\Roaming\Microsoft\Windows\Cookies\G0ZNP587.txt 0 bytes
---- EOF - GMER 1.0.15 ----
#10
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 November 2011 - 03:20 PM
Quote
Also when I do a google search items are underlined and when you move your mouse over it brings up a list of ads
It's called intellitxt.
You need to install adblocker for your browser.
See here: http://ryanblock.com/2007/08/disable-intellitxt-and-keyword-popovers-some-solutions-for-the-end-user/
#11
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 03:23 PM
Broni, on 26 November 2011 - 03:20 PM, said:
Quote
Also when I do a google search items are underlined and when you move your mouse over it brings up a list of ads
It's called intellitxt.
You need to install adblocker for your browser.
See here: http://ryanblock.com/2007/08/disable-intellitxt-and-keyword-popovers-some-solutions-for-the-end-user/
sorry really not that tech LOL Can you show me how to put it on my browser. I'm using Internet Exp not firefox
This post has been edited by bdnh85: 26 November 2011 - 03:25 PM
#12
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 November 2011 - 03:26 PM
For Internet Explorer install this one: http://simple-adblock.com/
#13
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 03:29 PM
Broni, on 26 November 2011 - 03:26 PM, said:
For Internet Explorer install this one: http://simple-adblock.com/
Anything else you need from me?
#14
- The Coolest BC Computer
-
- Group: BC Advisor
- Posts: 22,167
- Joined: 01-February 08
- Gender:Male
- Location:Daly City, CA
Posted 26 November 2011 - 03:32 PM
Install the above, restart Internet Explorer and report back with any current issues.
#15
- Member
-
- Group: Members
- Posts: 20
- Joined: 25-November 11
Posted 26 November 2011 - 03:51 PM
Broni, on 26 November 2011 - 03:32 PM, said:
Install the above, restart Internet Explorer and report back with any current issues.
Do I need to purchase the Malware Anti Virus? I use PC Doctor didnt know what you recommend. And Everything seems ok
This post has been edited by bdnh85: 26 November 2011 - 03:51 PM
