Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 7 antispyware can't boot


  • This topic is locked This topic is locked
101 replies to this topic

#1 5pr46u3

5pr46u3

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 20 December 2011 - 09:47 AM

Ususaully can fix virus problems by reading your site, but no I seem to be up the creek without a paddle.

Ran rkill. Ran mbam removed some stuff. Ran fixNCR. Ran tdssskillthngy, nothing found. Everything seemed to be fine but I couldn't launch firefox without runing as admin. So I ran SNET (not sure if I spelled that right) and it found and quarintined 10 out of 11 threats. It looked like the one it did not quarantine was in active memory. Anyways, after all this my computer randomly started playing these audio commercials... Like a radio... I couldnt find the source so I restarted. Now I can't reboot... The windows startup tool thing couldn't fix it automatically, but mentioned a driver I think. Then hp recovery tool gave me a few options, one was a diag test.... Which said one of my hard drives was failing the test, I am assuming it is my C: but I am not sure, I have a second drive s well.

I went to system restore, and the only restore point was from last night after all the virus removal was done, but before the radio ads virus started.... All other points were missing. Trying to restore failed.

I never ran combo fix... So it is not that.

I was not logged in as an admin when the virus struck... Not sure if that matters at this point.

Booting into safe mode does not work, it also crashes and restarts. My computer is now sitting at the advanced booting options screen and I have no clue what to do. I have not found my win 7 disk yet... I am almost positive that I have it somewhere though.... Might be in my parents attic.... Grrrr.


Any help would be fantastic... I hope my pc's future is not as bleak as it seems.

best,
5pr46us

BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:53 AM

Posted 21 December 2011 - 05:06 AM

Hello 5pr46us,

Welcome to Bleeping Computer. I'll assist you with the issue.

FYI: I move this topic to malware removal forum.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]

#3 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 11:49 AM

Farbar,

First of all, I am stoked to find your reply this morning... I have been pulling my hair out over this problem for the last two days.

I wanted to add a few things while I get that program.

Not sure if you care about any of this stuff, but too much info isn't a bad thing :)

There are a couple notable errors that the different diagnostic tests gave me. The start up repair gave me a problem signature 07 bad driver. Yesterday I ran a repair from a windows 7 installation disk and it gave me the same error. There was also a diagnostic test in my HP recovery program that I get brought to after Start Up Repair fails, that gives me a BIOHD-8 fail ID code and tells me that my disk drive failed. I cannot access my BIOS, I just get a message that says WAIT... After trying the installation disk I ran an Avira Rescue CD which did a bunch of stuff and made some logs, not sure if you care to see those. That is currently where my infected machine sits now, with the AVIRA software open.

Let me know if you still want me to run that Farbar Recovery or do something else.

best,
5pr46u3

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:53 AM

Posted 21 December 2011 - 11:55 AM

Let me sum it up: I can't do much without the FRST log.

Edited by farbar, 21 December 2011 - 01:22 PM.
typo


#5 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 11:59 AM

ok, on it!

5pr46u3

#6 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 12:17 PM

Can I use a CF card for this? I just tried it and everything seemed to work fine but when I inserted the CF card into this uninfected machine it said I needed to format the card before use?

5pr46u3

#7 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 12:20 PM

oh... nvm... I unplugged it and plugged it back in (a tried and tested method of fixing things in my house!) haha, anyways here it is.

5pr46u3

Attached Files

  • Attached File  FRST.txt   38.22KB   25 downloads


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:53 AM

Posted 21 December 2011 - 12:31 PM

Well done.

Please copy and paste the logs unless it is requested otherwise. Thanks.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
SubSystems: [Windows] ==> ZeroAccess
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Please restart and let it boot normally and tell me how it went.

#9 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 12:52 PM

Dude... I could kiss you, you are an effing genius!

Ok, so I am now typing from my infected machine. It took longer than normal to start up but other than that everything seemed normal.

Then my StartupMonitor popped up a warning that Akamai NetSession Interface was trying to run netsession_win.exe from my local appdata... not sure if this is normal or whatnot, I have not allowed it yet. Also HP Update Client is trying to run. But everything else seems fine... also my firefox opened via my normal user account which it wasn't doing before.

Ok here is the log:

Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.3.0)
Ran by SYSTEM at 2011-12-21 12:41:07 R:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

==== End of Fixlog ====

5pr46u3

#10 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 01:07 PM

Java Auto Updater just tried to run.

5pr46u3

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:53 AM

Posted 21 December 2011 - 01:26 PM

Great. :thumbup2:

We will take care of any error at startup later on.

In case Java Auto Updater tried to run you may let it do its job. We clean Java cache later on.

Please download Malwarebytes' Anti-Malware from one of these locations:
malwarebytes.org
majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


#12 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 02:03 PM

Downloaded fine and ran. Asked to restart so I did. At restart something called "Solution Center" is trying to install, I haven't let it yet.

Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122105

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/21/2011 1:43:06 PM
mbam-log-2011-12-21 (13-43-06).txt

Scan type: Quick scan
Objects scanned: 218316
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\daniel\AppData\Local\Temp\wzw.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


5pr46u3

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:53 AM

Posted 21 December 2011 - 03:20 PM

You may let the HP solution center to run.

  • Run Command Prompt as administrator:
    • Click on Start button.
    • Type Cmd in the Start Search text box.
    • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator.
    • Type the following in the command window and press Enter: netsh winsock reset
    • Restart.
    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#14 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 06:06 PM

Boom:

OTL logfile created on: 12/21/2011 5:57:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\daniel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.02% Memory free
15.98 Gb Paging File | 14.29 Gb Available in Paging File | 89.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.60 Gb Total Space | 123.30 Gb Free Space | 17.93% Space Free | Partition Type: NTFS
Drive D: | 10.93 Gb Total Space | 1.60 Gb Free Space | 14.60% Space Free | Partition Type: NTFS
Drive G: | 1.91 Gb Total Space | 1.65 Gb Free Space | 86.38% Space Free | Partition Type: FAT
Drive S: | 931.51 Gb Total Space | 537.39 Gb Free Space | 57.69% Space Free | Partition Type: NTFS

Computer Name: IAMAMAC | User Name: daniel aaron sprague | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 17:55:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\daniel\Desktop\OTL.exe
PRC - [2011/10/19 05:25:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 11:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/07/08 02:16:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 12:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2000/05/20 16:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 02:16:28 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2000/05/20 16:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 14:39:15 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/08/19 04:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/10/14 20:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/19 04:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011/08/19 04:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/03 12:06:46 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/07/18 08:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/12 13:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/19 16:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/02/21 22:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FilmScan.sys -- (OV550I)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/11/09 14:00:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/26 07:54:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/02 19:53:32 | 000,000,000 | ---D | M]

[2010/02/09 11:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daniel aaron sprague\AppData\Roaming\mozilla\Extensions
[2011/12/19 18:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daniel aaron sprague\AppData\Roaming\mozilla\Firefox\Profiles\h6ukylmz.default\extensions
[2011/12/19 18:13:42 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Users\daniel aaron sprague\AppData\Roaming\mozilla\Firefox\Profiles\h6ukylmz.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011/08/11 07:43:02 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\daniel aaron sprague\AppData\Roaming\mozilla\Firefox\Profiles\h6ukylmz.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/30 08:05:49 | 000,000,903 | ---- | M] () -- C:\Users\daniel aaron sprague\AppData\Roaming\Mozilla\Firefox\Profiles\h6ukylmz.default\searchplugins\conduit.xml
[2011/09/27 12:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/26 09:10:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/01 18:19:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/23 18:11:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/27 12:48:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/07/08 02:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/27 12:48:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.224\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.180.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U18 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001\..\Toolbar\WebBrowser: (no name) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - No CLSID value found.
O3 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth File not found
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001..\Run: [Facebook Update] C:\Users\daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001..\Run: [qcJRllLRFlik.exe] C:\ProgramData\qcJRllLRFlik.exe File not found
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1001..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\daniel aaron sprague\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4073837501-4013972503-1933356838-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5BB700-0292-4AD5-B53C-D157D9937DAF}: DhcpNameServer = 68.87.71.230 68.87.73.246
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8962EF1-318B-4746-9500-31D44E8EAD32}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 15:10:41 | 000,000,000 | ---D | C] -- C:\FRST
[2011/12/19 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/19 15:43:18 | 001,577,264 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\daniel aaron sprague\Desktop\TDSSKiller.exe
[2011/12/19 14:02:17 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/14 02:22:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/14 02:21:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/14 02:21:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/14 02:21:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/14 02:21:51 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/14 02:21:51 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/14 02:21:51 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/14 02:21:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/14 02:21:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/14 02:21:50 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/14 02:21:50 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/14 02:21:50 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/14 02:21:50 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/14 02:21:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/14 02:21:50 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/14 02:21:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/14 02:21:45 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/14 02:21:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/08 12:29:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/26 09:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 18:01:13 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/21 18:01:13 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/21 18:01:13 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/21 17:56:57 | 000,001,243 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/21 17:54:33 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 17:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/21 17:54:12 | 2140,528,639 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/21 17:30:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 17:17:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4073837501-4013972503-1933356838-1001UA.job
[2011/12/21 15:38:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4073837501-4013972503-1933356838-1001UA.job
[2011/12/21 14:17:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4073837501-4013972503-1933356838-1001Core.job
[2011/12/21 13:53:57 | 000,015,984 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 13:53:57 | 000,015,984 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 13:37:54 | 000,001,099 | ---- | M] () -- C:\Users\daniel aaron sprague\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/21 13:37:54 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/21 12:43:27 | 004,882,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/19 21:38:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4073837501-4013972503-1933356838-1001Core.job
[2011/12/19 15:05:42 | 000,294,400 | ---- | M] () -- C:\Users\daniel aaron sprague\Desktop\boobs.com
[2011/12/19 15:02:01 | 000,294,400 | ---- | M] () -- C:\Users\daniel aaron sprague\Desktop\exeHelper.com
[2011/12/19 14:02:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/13 10:41:02 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\daniel aaron sprague\Desktop\TDSSKiller.exe
[2011/12/06 18:23:56 | 000,007,610 | ---- | M] () -- C:\Users\daniel aaron sprague\AppData\Local\Resmon.ResmonCfg
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/21 17:56:57 | 000,001,243 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/12/21 13:37:54 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/19 15:05:42 | 000,294,400 | ---- | C] () -- C:\Users\daniel aaron sprague\Desktop\boobs.com
[2011/12/19 15:01:55 | 000,294,400 | ---- | C] () -- C:\Users\daniel aaron sprague\Desktop\exeHelper.com
[2011/12/05 06:30:08 | 000,007,610 | ---- | C] () -- C:\Users\daniel aaron sprague\AppData\Local\Resmon.ResmonCfg
[2011/08/19 04:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 04:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 04:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/12 19:52:31 | 000,170,373 | ---- | C] () -- C:\Windows\Blinkbid Uninstaller.exe
[2011/05/12 07:55:22 | 000,012,194 | ---- | C] () -- C:\Windows\hpwscr20.dat
[2011/05/12 07:54:11 | 000,177,999 | ---- | C] () -- C:\Windows\hpwins20.dat
[2011/05/12 07:54:11 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2011/05/11 18:15:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\JpgLib.dll
[2011/05/11 18:15:13 | 000,098,304 | ---- | C] () -- C:\Windows\FilmScan.exe
[2011/03/14 12:52:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\rgbacodec.dll
[2011/01/26 14:09:32 | 000,695,578 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011/01/26 14:09:32 | 000,001,083 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2010/12/20 00:53:24 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/12/18 10:19:01 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/10 21:42:40 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2009/08/03 03:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/08/03 03:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/08/03 03:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/10/03 16:12:53 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll
[2000/05/20 16:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe

< End of report >

sorry this took so long, last minute Christmas shopping!

5pr46u3

Attached Files



#15 5pr46u3

5pr46u3
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 21 December 2011 - 08:16 PM

seriously. can I buy you a beer? or a thousand beers!?

5pr46u3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users