
Search engine redirect, random popups


  • This topic is locked
31 replies to this topic

#1 puyow18


Posted 06 November 2010 - 09:23 PM

I'm running Win7 Premium on an HP g60 laptop. A few weeks ago I was having internet speed problems, but had resolved them (see my first thread). So in the process I uninstalled Firefox and started using Opera since it was quicker/lighter. The only problem is that Opera doesn't have a NoScript alternative (I tried its native 'BlockContent' and 'BlockIt' . . . wasn't impressed), and I believe I probably encountered some malware while using the Opera browser. Now when I click on links from, say, Google, the links redirect me to some random websites selling something. This "redirect" happens about 40% of the time. I have since uninstalled Opera and reinstalled Firefox w/NoScript. So now when I get redirected, at least the pages won't load (thanks to NoScript).

The only other thing I have noticed on the computer is that it takes longer than usual to fully boot up, say from 2 minutes to now around 4-5 minutes.
I have run scans with the TrendMicro online scanner, Microsoft Security Essentials (normal AND SafeMode), and Malwarebytes (normal AND SafeMode) and they have all come up 'clean'.

Please find my DDS and GMER logs below and attached. Thank you in advance for the help.


DDS (Ver_10-11-05.01) - NTFS_AMD64
Run by Natnal at 21:40:13.75 on Sat 11/06/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.1944 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Natnal\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyServer = http=72.254.128.201:80
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
mWinlogon: Userinit=userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - C:\PROGRA~2\FlashFXP\IEFlash.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267289680590
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\
FF - prefs.js: browser.startup.homepage -
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);C:\Windows\System32\drivers\tdrpm228.sys [2010-10-8 1462304]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-6-18 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-6-24 292864]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-11-25 215040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;C:\Windows\System32\drivers\libusb0.sys [2010-5-1 32256]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-18 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2010-3-11 35112]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-26 1255736]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2010-11-2 29288]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2010-11-2 29288]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2010-11-2 29288]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2010-11-2 29288]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2010-11-2 29288]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2010-11-05 15:33:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2010-11-05 14:52:28 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-11-05 14:52:28 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-11-05 14:52:28 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-11-05 14:36:54 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{FE1DA39B-B403-4D40-9FE3-FC5E3021A345}\mpengine.dll
2010-11-04 23:31:18 -------- d-----w- C:\PROGRA~3\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2010-11-04 20:54:52 -------- d-----w- C:\Users\Natnal\AppData\Roaming\Malwarebytes
2010-11-04 20:54:44 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-04 20:54:42 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-04 20:54:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-04 20:54:42 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-04 00:58:34 -------- d-----w- C:\PROGRA~3\RapidSolution
2010-11-03 22:21:15 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-03 19:09:55 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2010-11-02 20:21:17 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys
2010-11-02 20:20:33 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys
2010-11-02 20:19:51 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys
2010-11-02 20:19:18 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys
2010-11-02 20:17:04 153600 ----a-w- C:\Windows\SysWow64\WSContextMenu.dll
2010-11-02 20:16:56 892928 ----a-w- C:\Windows\SysWow64\iconv.dll
2010-11-02 20:16:56 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax
2010-11-02 20:16:56 496640 ----a-w- C:\Windows\SysWow64\xvid.ax
2010-11-02 19:58:49 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys
2010-11-01 19:32:29 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPLHN.DLL
2010-10-30 19:07:59 -------- d-----w- C:\Program Files\Tracker Software
2010-10-28 20:36:25 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-28 20:36:25 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-28 20:36:25 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-28 20:36:25 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-28 20:36:25 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-28 20:36:25 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-28 20:36:05 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-26 09:29:11 -------- d-----w- C:\Users\Natnal\AppData\Local\Conexant
2010-10-23 01:06:05 -------- d-----w- C:\PROGRA~3\MFAData
2010-10-20 21:24:16 -------- d-----w- C:\Users\Natnal\AppData\Roaming\Windows Live Writer
2010-10-20 21:24:16 -------- d-----w- C:\Users\Natnal\AppData\Local\Windows Live Writer
2010-10-20 17:51:09 -------- d-----w- C:\Windows\en
2010-10-20 17:46:27 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-10-20 17:46:27 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-10-20 17:46:27 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-10-20 17:46:27 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-10-20 17:39:17 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b637185f1cb707d2d\InstallManager_WLE_WLE.exe
2010-10-20 17:38:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9ca7718e1cb707d22\MeshBetaRemover.exe
2010-10-20 17:37:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ec74c3e1cb707d1a\DSETUP.dll
2010-10-20 17:37:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ec74c3e1cb707d1a\DXSETUP.exe
2010-10-20 17:37:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ec74c3e1cb707d1a\dsetup32.dll
2010-10-20 17:37:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ba51c811cb707d19\DXSETUP.exe
2010-10-20 17:37:37 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ba51c811cb707d19\DSETUP.dll
2010-10-20 17:37:37 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7ba51c811cb707d19\dsetup32.dll
2010-10-20 17:35:22 -------- d-----w- C:\Users\Natnal\AppData\Local\Windows Live
2010-10-20 17:34:04 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-20 17:34:03 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-20 17:34:03 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-20 17:34:02 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-20 17:34:02 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-20 17:34:01 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-20 17:34:01 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-13 18:26:32 -------- d-----w- C:\Users\Natnal\AppData\Roaming\DVDFab
2010-10-13 18:19:34 -------- d-----w- C:\DVDFab
2010-10-13 18:08:21 99384 ----a-w- C:\Users\Natnal\AppData\Roaming\inst.exe
2010-10-13 18:08:21 82816 ----a-w- C:\Windows\System32\drivers\pcouffin.sys
2010-10-13 18:08:21 82816 ----a-w- C:\Users\Natnal\AppData\Roaming\pcouffin.sys
2010-10-13 18:08:10 -------- d-----w- C:\Program Files (x86)\DVDFab 8
2010-10-13 15:52:54 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-11 18:31:45 -------- d-----w- C:\Program Files (x86)\Audacity
2010-10-11 14:49:53 -------- d---a-w- C:\Users\Natnal\RosettaStone
2010-10-10 23:43:26 -------- d-----w- C:\Program Files (x86)\FlashFXP
2010-10-10 19:35:09 202048 ----a-w- C:\Windows\SysWow64\AVLibrary.dll
2010-10-10 19:24:47 -------- d-----w- C:\PROGRA~3\Arovax
2010-10-10 19:15:09 -------- d-----w- C:\Program Files (x86)\VLC
2010-10-10 17:51:25 -------- d-----w- C:\Users\Natnal\Apps
2010-10-10 17:26:01 -------- d-----w- C:\Program Files (x86)\JDownloader
2010-10-10 03:42:08 69632 ----a-w- C:\Windows\SysWow64\Crypserv.exe
2010-10-10 03:42:08 31846 ----a-w- C:\Windows\SysWow64\Ckldrv.sys
2010-10-09 04:43:59 -------- d-----w- C:\Users\Natnal\Ebay
2010-10-09 03:27:04 -------- d-----w- C:\Users\Natnal\Coastal Chiropractic & Acupuncture
2010-10-09 02:55:58 -------- d-----w- C:\Log
2010-10-09 02:55:37 28664 ----a-w- C:\Windows\System32\Ckldrv.sys
2010-10-09 02:55:37 27648 ----a-r- C:\Windows\Setup_ck.exe
2010-10-09 02:55:37 18432 ----a-w- C:\Windows\Setup_ck.dll
2010-10-09 02:55:37 165888 ----a-w- C:\Windows\Ckconfig.exe
2010-10-09 02:55:37 122880 ----a-w- C:\Windows\System32\Crypserv.exe
2010-10-09 02:55:37 11776 ----a-w- C:\Windows\Ckrfresh.exe
2010-10-09 01:53:21 -------- d-----w- C:\Windows\System32\catroot2
2010-10-08 21:10:01 3119896 ----a-w- C:\Windows\System32\AutoPartNt.exe
2010-10-08 15:00:49 1462304 ----a-w- C:\Windows\System32\drivers\tdrpm228.sys
2010-10-08 15:00:39 880160 ----a-w- C:\Windows\System32\drivers\timntr.sys
2010-10-08 15:00:39 83488 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys
2010-10-08 15:00:32 222240 ----a-w- C:\Windows\System32\drivers\snapman.sys

==================== Find3M ====================

2010-10-27 17:28:46 11320 ----a-w- C:\Windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-15 08:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-03 02:36:25 46112 ----a-w- C:\Windows\System32\drivers\tbhsd.sys
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-25 23:45:04 161304 ----a-w- C:\Windows\System32\igfxtray.exe
2010-08-25 23:45:00 508952 ----a-w- C:\Windows\System32\igfxsrvc.exe
2010-08-25 23:45:00 415256 ----a-w- C:\Windows\System32\igfxpers.exe
2010-08-25 23:44:56 223768 ----a-w- C:\Windows\System32\igfxext.exe
2010-08-25 23:44:54 386584 ----a-w- C:\Windows\System32\hkcmd.exe
2010-08-25 23:44:52 3156504 ----a-w- C:\Windows\System32\GfxUI.exe
2010-08-25 23:44:48 152600 ----a-w- C:\Windows\System32\difx64.exe
2010-08-25 23:40:48 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2202.dll
2010-08-25 23:36:04 10611552 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2010-08-25 23:36:02 6547968 ----a-w- C:\Windows\System32\igdumd64.dll
2010-08-25 23:31:30 4967424 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2010-08-25 23:28:22 571904 ----a-w- C:\Windows\SysWow64\igdumdx32.dll
2010-08-25 23:26:32 4720128 ----a-w- C:\Windows\System32\igd10umd64.dll
2010-08-25 23:23:14 4411904 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2010-08-25 23:17:38 15032832 ----a-w- C:\Windows\System32\ig4icd64.dll
2010-08-25 23:09:34 11040256 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2010-08-25 23:04:48 380416 ----a-w- C:\Windows\System32\igfxTMM.dll
2010-08-25 23:04:48 243200 ----a-w- C:\Windows\System32\igfxpph.dll
2010-08-25 23:04:40 27648 ----a-w- C:\Windows\System32\igfxexps.dll
2010-08-25 23:04:28 61952 ----a-w- C:\Windows\System32\igfxsrvc.dll
2010-08-25 23:04:00 108032 ----a-w- C:\Windows\System32\hccutils.dll
2010-08-25 23:03:50 4096 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2010-08-25 23:03:50 271360 ----a-w- C:\Windows\System32\igfxdev.dll
2010-08-25 23:03:50 119808 ----a-w- C:\Windows\System32\gfxSrvc.dll
2010-08-25 23:03:24 87552 ----a-w- C:\Windows\System32\igfxrenu.lrc
2010-08-25 23:03:18 830464 ----a-w- C:\Windows\System32\igfxress.dll
2010-08-25 23:03:18 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2010-08-25 23:00:00 23552 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2010-08-25 22:59:06 228864 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 21:40:51.26 ===============


 


#2 Elise


Posted 14 November 2010 - 07:09 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file. If you do not have a program to unzip this type of file,
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 puyow18


Posted 14 November 2010 - 03:51 PM

Hi Elise, thank you for the help. I have run the OTL quick scan and have pasted the two .txt files below. I downloaded the Rootkit Unhooker and double clicked the .exe file. It ran through an install wizard, which completed successfully. However, when I tried to open and run the program, I get the following error: "Error loading driver, NTSTATUS code: 0xC000036B"

I tried to run it as an administrator, in compatibility mode for Win XP and Vista, but still got the same "Error Loading Driver" error. Please let me know if there's anything I can do to make this program work so I can post its results.

Thank you again for the help.

OTL logfile created on: 11/14/2010 3:15:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Natnal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.58 Gb Total Space | 90.36 Gb Free Space | 31.97% Space Free | Partition Type: NTFS
Drive D: | 15.25 Gb Total Space | 5.34 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

Computer Name: POLAPTOP | User Name: Natnal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 15:13:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Natnal\Desktop\OTL.exe
PRC - [2010/10/27 01:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/06/22 18:03:18 | 000,960,568 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/22 17:57:20 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/22 17:37:38 | 004,355,464 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/02/28 20:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\SysWOW64\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 15:13:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Natnal\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 22:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/05/07 18:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/24 12:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/06/22 17:59:10 | 000,828,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/02/28 20:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/13 13:08:21 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/10/08 10:00:49 | 001,462,304 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm228.sys -- (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228)
DRV:64bit: - [2010/10/08 10:00:39 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/10/08 10:00:39 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010/10/08 10:00:32 | 000,222,240 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/09/02 21:36:25 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/24 09:31:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV:64bit: - [2010/05/24 09:31:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV:64bit: - [2010/05/24 09:31:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV:64bit: - [2010/05/24 09:31:28 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV:64bit: - [2010/03/25 18:52:36 | 000,145,936 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/03/23 13:10:02 | 000,699,960 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/11 04:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2009/12/19 21:27:51 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/22 10:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 10:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/13 15:42:22 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV:64bit: - [2009/10/09 21:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/05 08:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/07 11:53:04 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2009/06/24 12:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 12:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 12:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 12:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 12:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/08 15:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/09/23 09:37:40 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV - [2006/01/09 21:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=72.254.128.201:80

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.10.19.1
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: {0471d3b0-a403-11df-981c-0800200c9a66}:0.921
FF - prefs.js..extensions.enabledItems: {8a39fe10-f553-11dd-87af-0800200c9a66}:1.3
FF - prefs.js..extensions.enabledItems: {239c61a8-e55f-11db-8314-0800200c9a66}:2.1.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/05 10:33:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/05 10:33:57 | 000,000,000 | ---D | M]

[2010/11/04 15:41:27 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Mozilla\Extensions
[2010/11/14 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions
[2010/11/04 16:20:36 | 000,000,000 | ---D | M] (SmallringFX DARKBlue) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}
[2010/11/04 15:44:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/11/04 16:22:42 | 000,000,000 | ---D | M] (BlackX) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66}
[2010/11/08 12:52:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/11/12 14:54:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/04 16:22:21 | 000,000,000 | ---D | M] (Proto_Dust) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}
[2010/11/04 15:46:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/04 16:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/11/04 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\foxmarks@kei.com
[2010/11/04 16:20:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{0471d3b0-a403-11df-981c-0800200c9a66}\chrome\mozapps\extensions
[2010/11/04 16:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Natnal\AppData\Roaming\Mozilla\Firefox\Profiles\6ebtnuuy.default\extensions\{8a39fe10-f553-11dd-87af-0800200c9a66}\chrome\mozapps\extensions
[2010/11/12 14:54:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 11:19:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/22 20:33:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/07 11:46:42 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/08/12 17:00:31 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3340699187-643359693-1507460131-1000..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3340699187-643359693-1507460131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267289680590 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a996d913-2859-11df-a4f9-001f16e3ede1}\Shell - "" = AutoRun
O33 - MountPoints2\{a996d913-2859-11df-a4f9-001f16e3ede1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 15:13:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Natnal\Desktop\OTL.exe
[2010/11/12 21:52:34 | 000,000,000 | ---D | C] -- C:\Users\Natnal\Desktop\Looney Tunes
[2010/11/12 18:39:18 | 000,000,000 | ---D | C] -- C:\Users\Natnal\Desktop\Roms
[2010/11/10 13:33:26 | 000,000,000 | ---D | C] -- C:\Desktop
[2010/11/10 13:30:14 | 000,000,000 | ---D | C] -- C:\Natnal
[2010/11/09 16:16:37 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Local\Apple
[2010/11/07 09:23:51 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Local\VirtualStore
[2010/11/06 21:35:55 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Roaming\Adobe
[2010/11/05 10:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/11/04 18:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/11/04 15:54:52 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Roaming\Malwarebytes
[2010/11/04 15:54:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/04 15:54:42 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/04 15:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/04 15:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/03 19:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2010/11/03 17:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/11/03 17:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/11/03 17:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/11/03 17:06:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/11/03 14:09:55 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/11/02 15:21:17 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys
[2010/11/02 15:20:33 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys
[2010/11/02 15:19:51 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys
[2010/11/02 15:19:18 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys
[2010/11/02 15:16:56 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\SysWow64\iconv.dll
[2010/11/02 14:58:49 | 000,029,288 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys
[2010/10/30 14:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2010/10/26 04:29:11 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Local\Conexant
[2010/10/25 14:09:40 | 000,000,000 | R--D | C] -- C:\Users\Natnal\Documents\Scanned Documents
[2010/10/25 14:09:40 | 000,000,000 | ---D | C] -- C:\Users\Natnal\Documents\Fax
[2010/10/23 09:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/10/22 20:34:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/22 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/22 11:42:11 | 000,000,000 | R--D | C] -- C:\Users\Natnal\Searches
[2010/10/21 10:32:10 | 000,000,000 | R--D | C] -- C:\Users\Natnal\Favorites
[2010/10/20 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Roaming\Windows Live Writer
[2010/10/20 16:24:16 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Local\Windows Live Writer
[2010/10/20 12:51:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/20 12:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/20 12:35:22 | 000,000,000 | ---D | C] -- C:\Users\Natnal\AppData\Local\Windows Live
[2010/10/19 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\Natnal\Desktop\Acupuncture
[2010/10/15 16:02:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/10/13 13:08:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Natnal\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 15:14:23 | 000,629,057 | ---- | M] () -- C:\Users\Natnal\Desktop\RkU3.8.388.590.rar
[2010/11/14 15:13:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Natnal\Desktop\OTL.exe
[2010/11/14 14:58:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 14:58:40 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 14:58:40 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/14 14:50:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:50:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 14:42:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 14:42:36 | 2361,806,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 22:13:25 | 733,498,052 | ---- | M] () -- C:\Users\Natnal\Desktop\Paper Man.avi
[2010/11/12 14:59:28 | 1534,063,876 | ---- | M] () -- C:\Users\Natnal\Desktop\Robin Hood.avi
[2010/11/12 14:41:56 | 007,334,168 | ---- | M] () -- C:\Users\Natnal\Desktop\crax4_setup.rar
[2010/11/11 23:25:40 | 005,534,325 | ---- | M] () -- C:\Users\Natnal\Desktop\EBOOT.OLD
[2010/11/10 21:40:31 | 014,530,086 | ---- | M] () -- C:\Users\Natnal\kompozer-0.7.10-win32.zip
[2010/11/08 14:46:50 | 000,014,336 | ---- | M] () -- C:\Users\Natnal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/03 14:08:36 | 000,000,036 | ---- | M] () -- C:\Users\Natnal\AppData\Local\housecall.guid.cache
[2010/10/30 14:26:55 | 000,023,552 | ---- | M] () -- C:\Users\Natnal\Desktop\EFFORT.doc
[2010/10/27 19:46:09 | 000,001,493 | ---- | M] () -- C:\Users\Natnal\Desktop\Internet Explorer.lnk
[2010/10/23 19:23:56 | 000,099,384 | ---- | M] () -- C:\Users\Natnal\AppData\Roaming\inst.exe
[2010/10/23 19:23:55 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Natnal\AppData\Roaming\pcouffin.sys
[2010/10/23 19:23:55 | 000,007,859 | ---- | M] () -- C:\Users\Natnal\AppData\Roaming\pcouffin.cat
[2010/10/23 19:23:55 | 000,001,167 | ---- | M] () -- C:\Users\Natnal\AppData\Roaming\pcouffin.inf
[2010/10/23 14:50:58 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNatnal.job
[2010/10/21 11:24:46 | 000,031,744 | ---- | M] () -- C:\Users\Natnal\Desktop\BP Resume.doc
[2010/10/21 10:35:59 | 000,001,026 | ---- | M] () -- C:\Users\Natnal\Desktop\Teaching.lnk
[2010/10/19 10:52:59 | 000,014,645 | ---- | M] () -- C:\Users\Natnal\Documents\SavingsBonds.htm
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 15:14:19 | 000,629,057 | ---- | C] () -- C:\Users\Natnal\Desktop\RkU3.8.388.590.rar
[2010/11/12 14:41:31 | 007,334,168 | ---- | C] () -- C:\Users\Natnal\Desktop\crax4_setup.rar
[2010/11/11 22:25:36 | 005,534,325 | ---- | C] () -- C:\Users\Natnal\Desktop\EBOOT.OLD
[2010/11/10 13:21:20 | 002,149,376 | ---- | C] () -- C:\Users\Natnal\HoboCopy.pdb
[2010/11/10 13:21:18 | 000,168,960 | ---- | C] () -- C:\Users\Natnal\HoboCopy.exe
[2010/11/10 12:42:11 | 014,530,086 | ---- | C] () -- C:\Users\Natnal\kompozer-0.7.10-win32.zip
[2010/11/03 14:08:36 | 000,000,036 | ---- | C] () -- C:\Users\Natnal\AppData\Local\housecall.guid.cache
[2010/11/02 15:17:04 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WSContextMenu.dll
[2010/11/02 15:16:56 | 000,675,840 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.ax
[2010/11/02 15:16:56 | 000,496,640 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/10/30 11:58:45 | 000,023,552 | ---- | C] () -- C:\Users\Natnal\Desktop\EFFORT.doc
[2010/10/21 11:25:22 | 000,052,736 | ---- | C] () -- C:\Users\Natnal\Desktop\NLP Resume.doc
[2010/10/21 11:25:01 | 000,031,744 | ---- | C] () -- C:\Users\Natnal\Desktop\BP Resume.doc
[2010/10/21 10:35:59 | 000,001,026 | ---- | C] () -- C:\Users\Natnal\Desktop\Teaching.lnk
[2010/10/19 10:52:42 | 000,014,645 | ---- | C] () -- C:\Users\Natnal\Documents\SavingsBonds.htm
[2010/10/13 13:09:24 | 000,000,033 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\pcouffin.log
[2010/10/13 13:08:21 | 000,099,384 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\inst.exe
[2010/10/13 13:08:21 | 000,007,859 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\pcouffin.cat
[2010/10/13 13:08:21 | 000,001,167 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\pcouffin.inf
[2010/10/10 14:35:09 | 000,202,048 | ---- | C] () -- C:\Windows\SysWow64\AVLibrary.dll
[2010/10/09 22:42:08 | 000,031,846 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
[2010/10/08 21:55:49 | 000,000,145 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/10/08 21:55:37 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/09/21 12:57:41 | 000,006,518 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\PrimoPDFSet.xml
[2010/09/21 12:57:39 | 000,000,310 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\APUSet.xml
[2010/09/21 12:54:12 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\virport.dll
[2010/07/12 19:13:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010/06/26 06:37:35 | 000,000,259 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2010/06/23 08:31:05 | 000,007,605 | ---- | C] () -- C:\Users\Natnal\AppData\Local\Resmon.ResmonCfg
[2010/06/21 15:26:07 | 000,014,336 | ---- | C] () -- C:\Users\Natnal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/07 10:30:19 | 000,000,142 | ---- | C] () -- C:\Users\Natnal\AppData\Roaming\hdl_dump.conf
[2010/04/06 16:50:57 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/28 10:02:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/27 12:40:41 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/12/15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/05 19:59:54 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/11/25 00:05:44 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/11/25 00:05:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/25 00:05:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/25 00:04:56 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/25 00:04:32 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/11/25 00:04:07 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/11/24 21:44:48 | 000,000,000 | ---- | C] () -- C:\Users\Natnal\AppData\Local\QSwitch.txt
[2009/11/24 21:44:48 | 000,000,000 | ---- | C] () -- C:\Users\Natnal\AppData\Local\DSwitch.txt
[2009/11/24 21:44:48 | 000,000,000 | ---- | C] () -- C:\Users\Natnal\AppData\Local\AtStart.txt
[2009/11/24 21:44:47 | 000,000,417 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/18 21:53:46 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/18 21:49:28 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/18 21:47:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/18 21:46:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/10/22 20:03:57 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Acronis
[2009/12/19 21:35:55 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\DAEMON Tools Lite
[2010/10/13 13:26:32 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\DVDFab
[2010/10/08 10:13:23 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Leadertech
[2010/03/28 10:55:47 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Movie Label
[2010/10/23 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Vso
[2010/10/20 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Natnal\AppData\Roaming\Windows Live Writer
[2010/11/10 11:30:04 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


_______________________OTL Extras logfile created on: 11/14/2010 3:15:45 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Natnal\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.58 Gb Total Space | 90.36 Gb Free Space | 31.97% Space Free | Partition Type: NTFS
Drive D: | 15.25 Gb Total Space | 5.34 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

Computer Name: POLAPTOP | User Name: Natnal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = jsfile] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3340699187-643359693-1507460131-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 22
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis True Image Home
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3340699187-643359693-1507460131-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:41 AM

Posted 14 November 2010 - 04:15 PM

It is possible your router is hijacked.

Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are and note them down: Route Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties .
    • Internet Protocol Version 6 (IP6v) should be checked. Double-click on it: Make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
      • Click OK.
    • Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
    • If you should change any setting reboot the computer.

==========

Please run the following command on both the computers and post the logs.

Go to start > Run copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
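
An added example, not part of the original thread or of any tool named in it: a Python script that reads the `ipconfig /all` portion of the log.txt requested above and labels where each adapter's DNS servers point. The sample log, the verdict labels and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample shaped like `ipconfig /all` output; not taken from the thread.
# 203.0.113.x is a documentation range standing in for an unknown outside resolver.
SAMPLE_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Example WiFi Adapter
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Example Ethernet Controller
   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.80(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Tunnel adapter isatap.example.lan:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Addresses that stay on the local network or the machine itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]

# "Key . . . . : value" lines; the dot leaders before the colon identify them.
KV = re.compile(r"^\s*(?P<key>.+?)\s*(?:\.\s*)+:\s*(?P<val>.*)$")
# Section headers such as "Ethernet adapter Local Area Connection:".
HEADER = re.compile(r"^\s*(?P<name>.*\badapter\b.*):\s*$", re.IGNORECASE)
MULTI_LINE_KEYS = ("dns servers", "default gateway")


def to_ip(text):
    """Parse '192.168.1.75(Preferred)' or 'fe80::1%15'; return None if not an IP."""
    token = text.strip().split("(")[0].split("%")[0]
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def parse_ipconfig(text):
    """Split the log into one dict per adapter. Indentation is not relied on,
    because forum pastes usually lose it."""
    adapters, current, last_key = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = KV.match(line)
        if kv:
            last_key = kv["key"].lower()
            if current is not None:
                values = current.setdefault(last_key, [])
                if kv["val"].strip():
                    values.append(kv["val"].strip())
            continue
        hdr = HEADER.match(line)
        if hdr:
            current = {"name": hdr["name"].strip()}
            adapters.append(current)
            last_key = None
        elif current is not None and last_key in MULTI_LINE_KEYS:
            current[last_key].append(line.strip())  # wrapped second server
    return adapters


def assess(adapter):
    """Label every DNS server of one adapter with a verdict."""
    gateways = {ip for ip in map(to_ip, adapter.get("default gateway", [])) if ip}
    dhcp = "yes" in [v.lower() for v in adapter.get("dhcp enabled", [])]
    findings = []
    for raw in adapter.get("dns servers", []):
        ip = to_ip(raw)
        if ip is None:
            continue
        if ip in gateways:
            verdict = "router-forwarded"   # the router answers; its upstream is unseen
        elif any(ip in net for net in LOCAL_NETS):
            verdict = "local-resolver"     # another box on the LAN
        elif dhcp:
            verdict = "dhcp-public"        # handed out by the router's DHCP server
        else:
            verdict = "static-public"      # set by hand (or by software) on this PC
        findings.append((str(ip), verdict))
    return findings


def triage(text):
    """Map adapter name -> [(dns_server, verdict)] for adapters that have DNS set."""
    result = {}
    for adapter in parse_ipconfig(text):
        findings = assess(adapter)
        if findings:
            result[adapter["name"]] = findings
    return result


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        for server, verdict in findings:
            print(f"{name}: {server} -> {verdict}")
```

A `router-forwarded` verdict only shows that the PC hands its lookups to the router; the resolvers the router itself uses are visible only on the router's configuration page, which is why the reset and reconfiguration steps above still matter. The `dhcp-public` and `static-public` servers are the ones to compare against the addresses the ISP actually assigns.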


#5 puyow18


Posted 14 November 2010 - 10:15 PM

So if this is the case, that infected router will infect any computer/device (iPod, media extender, t.v., etc) that connects through it? How could I confirm/rule out whether or not the other devices (computers at least) are in fact infected?

My laptop (which I'm assuming is the original culprit) has connected to 2 or 3 different networks in this time period. What are the possibilities that all 3 routers/networks are now infected by the zlob? Two out of the three networks have unique network id's and passwords, with one being original (factory) user/password. One network is mine, one my brother's, and the final (default user/paswd) is my parents.

You mentioned for me to run the "cmd /c (ipconfig /all&nslookup. . ." command on both computers and post the logs. Is that assuming more than one computer is infected? So in my case would it be logs for all 4 or 5 computers on each of the 3 networks? (I have two apple laptops on my home network).

Sorry for the list of questions. I just want to be sure what I need to do on which computers/networks before I do anything. I'm sure father dearest won't be happy to learn that his network might be compromised by his son.

Thank you for the prompt response by the way. You guys are great.

I'll await your response before posting any more (just in case it alters your previous instructions).



#6 Elise


Posted 15 November 2010 - 05:03 AM

Sorry "both the computers" is a typo, I should have removed it.

It is not your computer that is infected most likely, but your router. A reset as explained, will fix that for any computer that is connected to it.

regards, Elise




#7 puyow18


Posted 15 November 2010 - 11:53 AM

Okay Elise, I reset the router and set a unique network id and password. The part where you mentioned the ipv4 and ipv6 settings were for a LAN connection, but I connect wirelessly. So I went ahead and set both LAN and wireless connections to "obtain . . . . automatically". The reason the LAN settings were not set to auto is because I had them set up to ftp to my xbox (in case that was the reason you wanted me to switch it).

I ran the command line prompt and the log follows.

Before we get to that I would like to point out that the redirect happened on two different networks, my home and my parents', but not on any other computers on those networks. Also, my computer's symptoms have changed somewhat for some reason. I don't think I get the redirect when clicking on search engine links, but what does happen is that it will take me to the link I click on (says so in the address bar), but the whole page will be blank (this is in firefox). The only way I can get the page is if I click on my IE tab (an addon from firefox) to switch the engine from firefox to IE. But then, if I were to press the ieTab button again (switching BACK from IE to firefox), the page works now (in firefox). Pretty weird. Oh, but I still get the random pop ups (got one while typing this message). I wonder if uninstalling Firefox would help at all, since things seem to run better in IE8? Not sure on that, and I wouldn't do it without you first approving (of course).


Windows IP Configuration

Host Name . . . . . . . . . . . . : POlaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0A-60-76-09-82-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 0C-60-76-09-82-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::55c4:6dd:a8b:cb58%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 15, 2010 11:41:57 AM
Lease Expires . . . . . . . . . . : Tuesday, November 16, 2010 11:41:57 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 369909878
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9E-6C-BA-0C-60-76-09-82-92
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-90-8E-19-15-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c71:36ac:3f57:feb4(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c71:36ac:3f57:feb4%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: mwbyte.vo.llnwd.net
Addresses: 68.142.101.7
68.142.101.254
Aliases: mbam-cdn.malwarebytes.org


Pinging mwbyte.vo.llnwd.net [68.142.101.254] with 32 bytes of data:
Reply from 68.142.101.254: bytes=32 time=66ms TTL=50
Reply from 68.142.101.254: bytes=32 time=57ms TTL=50

Ping statistics for 68.142.101.254:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 66ms, Average = 61ms
===========================================================================
Interface List
16...0a 60 76 09 82 92 ......Microsoft Virtual WiFi Miniport Adapter
15...0c 60 76 09 82 92 ......Atheros AR9285 802.11b/g/n WiFi Adapter
11...00 90 8e 19 15 95 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.75 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.75 281
192.168.1.75 255.255.255.255 On-link 192.168.1.75 281
192.168.1.255 255.255.255.255 On-link 192.168.1.75 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.75 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.75 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:1c71:36ac:3f57:feb4/128
On-link
15 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::1c71:36ac:3f57:feb4/128
On-link
15 281 fe80::55c4:6dd:a8b:cb58/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Edited by puyow18, 15 November 2010 - 11:54 AM.


#8 Elise

Posted 15 November 2010 - 12:22 PM

Does this problem only occur in Firefox, or also in IE? If only in Firefox, try to start it with the safe mode option (available using the Start menu). This will start FF without add-ons. If running it that way fixes the issue, it means that one of the add-ons is causing this.

regards, Elise




#9 puyow18

Posted 15 November 2010 - 12:48 PM

Using Firefox in safe mode seemed to have resolved the blank page issue, but the redirect from clicking on search engine links still occurs. At one point, the browser window minimized and I got the following message:

Posted Image


I figured it was adware, so I just went into the task manager and ended the Firefox process, which made the window go away.

I tried IE8 also. Seems that I get redirected less on IE8 vs Firefox, but it still happens. No blank pages though.

#10 Elise

Posted 15 November 2010 - 01:40 PM

Hi again,

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise




#11 puyow18

Posted 15 November 2010 - 05:29 PM

The Malwarebytes scan is below. I seem to still have the problems though. Thanks for all the help so far.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/15/2010 5:01:51 PM
mbam-log-2010-11-15 (17-01-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 297563
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-3340699187-643359693-1507460131-1000\$RMGK6PC.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.




#12 Elise

Posted 16 November 2010 - 04:29 AM

Hi, for the FF issue, try to disable each add-on, one at a time, until you find out which one causes the problem. Then you can uninstall that one.

OTL FIX
------------
We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :commands
    [emptytemp]
    [resethosts]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

regards, Elise




#13 puyow18

Posted 16 November 2010 - 11:36 AM

The FF problem still occurs with ALL add-ons disabled, so I'm not sure if it's one of those causing the problem. Can a plug-in be the culprit (e.g. silverlight, quicktime, etc)?

Here's the OTL report (browser problems continued after fix and reboot):

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Natnal
->Temp folder emptied: 884825210 bytes
->Temporary Internet Files folder emptied: 106661358 bytes
->Java cache emptied: 2777485 bytes
->FireFox cache emptied: 68846378 bytes
->Flash cache emptied: 30183 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1017856 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64086260 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 22811 bytes

Total Files Cleaned = 1,076.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 11162010_090011

Files\Folders moved on Reboot...
C:\Users\Natnal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




#14 Elise

Posted 16 November 2010 - 12:02 PM

Please run this:

Please right click on your Internet Connection icon in the System Tray and select Status. In the Status window click the Options button.

Look under "this connection uses the following items" and highlight Internet Protocol (TCP/IP). Click Properties.

On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.
On the Alternate Configuration tab, make sure "Automatic private IP address" is ticked.

Click OK to exit the Properties and OK to exit the other windows as well.

Now, click Start > Run and type cmd in the runbox.

A command window will open. Type ipconfig /flushdns and press enter.


Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:
@echo off
(ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print) >>Log1.txt
start notepad Log1.txt
del %0
Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
Notepad will open; copy and paste its content (Log1.txt) into your reply.

regards, Elise




#15 puyow18

Posted 16 November 2010 - 12:25 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : POlaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 0A-60-76-09-82-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 0C-60-76-09-82-92
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::55c4:6dd:a8b:cb58%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 16, 2010 9:04:04 AM
Lease Expires . . . . . . . . . . : Wednesday, November 17, 2010 11:08:15 AM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 369909878
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9E-6C-BA-0C-60-76-09-82-92
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-90-8E-19-15-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1caa:3d01:3f57:feb4(Preferred)
Link-local IPv6 Address . . . . . : fe80::1caa:3d01:3f57:feb4%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{949DB9F5-4DAD-4193-96D5-1C59F0375AEC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C24361A3-A9B2-4F51-A70C-B9F83850CDF4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.45.103
74.125.45.105
74.125.45.147
74.125.45.104
74.125.45.99
74.125.45.106

Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging google.com [74.125.45.106] with 32 bytes of data:
Reply from 74.125.45.106: bytes=32 time=61ms TTL=43
Reply from 74.125.45.106: bytes=32 time=60ms TTL=47

Ping statistics for 74.125.45.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 60ms, Maximum = 61ms, Average = 60ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=65ms TTL=44
Reply from 67.195.160.76: bytes=32 time=64ms TTL=44

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 65ms, Average = 64ms
===========================================================================
Interface List
16...0a 60 76 09 82 92 ......Microsoft Virtual WiFi Miniport Adapter
15...0c 60 76 09 82 92 ......Atheros AR9285 802.11b/g/n WiFi Adapter
11...00 90 8e 19 15 95 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.75 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.75 281
192.168.1.75 255.255.255.255 On-link 192.168.1.75 281
192.168.1.255 255.255.255.255 On-link 192.168.1.75 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.75 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.75 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:1caa:3d01:3f57:feb4/128
On-link
15 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::1caa:3d01:3f57:feb4/128
On-link
15 281 fe80::55c4:6dd:a8b:cb58/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
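
An added example, not part of the original thread and not the helper's own tooling: one way to read a Log1.txt like the one posted above for resolver tampering, by extracting each adapter's DNS Servers and Default Gateway from the `ipconfig /all` section and listing resolvers that are not the router. The function names, the second adapter in the sample and the address 203.0.113.53 are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the flattened layout of the log posted above. The first
# adapter copies the thread's values; the second adapter and 203.0.113.53 (a
# documentation address) are invented to show what a finding looks like.
SAMPLE_LOG = """\
Wireless LAN adapter Wireless Network Connection:
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
Ethernet adapter Local Area Connection:
DHCP Enabled. . . . . . . . . . . : No
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 203.0.113.53
192.168.1.254
Server: homeportal
Address: 192.168.1.254
"""

FIELD = re.compile(r"^(?P<key>[A-Za-z0-9 \-]+?)[ .]*:\s*(?P<val>.*)$")
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]


def parse_ip(text):
    """Parse '192.168.1.75(Preferred)' or 'fe80::1%15'; return None if not an IP."""
    try:
        return ipaddress.ip_address(text.strip().split("(")[0].split("%")[0])
    except ValueError:
        return None


def parse_log(log):
    """Return {adapter name: {'dhcp': bool, 'gateway': [...], 'dns': [...]}}."""
    adapters, current, last = {}, None, None
    for line in (raw.strip() for raw in log.splitlines()):
        header = re.match(r"^(.+ adapter .+):$", line)
        if header:
            current = adapters.setdefault(header[1], dict(dhcp=None, gateway=[], dns=[]))
            last = None
        elif (ip := parse_ip(line)) is not None:   # wrapped value on its own line
            if current is not None and last:
                current[last].append(ip)
        elif current is not None and (m := FIELD.match(line)):
            key, val, last = m["key"].strip(), parse_ip(m["val"]), None
            if key == "Server":                    # nslookup output: adapters are done
                break
            if key == "DHCP Enabled":
                current["dhcp"] = m["val"].strip().lower() == "yes"
            elif key in ("DNS Servers", "Default Gateway"):
                last = "dns" if key == "DNS Servers" else "gateway"
                if val is not None:
                    current[last].append(val)
    return adapters


def dns_findings(adapters):
    """List (adapter, resolver, reason) for resolvers that are not the gateway."""
    findings = []
    for name, cfg in adapters.items():
        # resolver == gateway: the client asks the router, so nothing to flag here
        for dns in (d for d in cfg["dns"] if d not in cfg["gateway"]):
            if cfg["dhcp"] is False:
                findings.append((name, str(dns), "static resolver"))
            elif not any(dns in net for net in LAN_NETS):
                findings.append((name, str(dns), "off-LAN resolver from DHCP"))
    return findings
```

In the log posted above the only resolver is 192.168.1.254, which is also the default gateway, so this check flags nothing on the laptop itself; name resolution is handed to the router, and the DNS servers configured on the router are the next thing to inspect.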



