click.get-answers-fast.com redirect


This topic is locked
36 replies to this topic

#1 Tony Nein_

Posted 31 July 2012 - 08:45 PM

Hello, hopefully you guys can help me with my malware issue. I have been dealing with the click.get-answers-fast.com redirect for the past week to no avail. I currently run Windows Firewall, Avast Antivirus, Malwarebytes and Spybot S&D. I have tried scans with Avast, Malwarebytes and Spybot in normal mode, and two full computer scans with Malwarebytes in safe mode. Nothing has been detected as of yet, but I am still getting redirects via Google Chrome. I ran through your recommended guide, as well as tried to follow along with one of your posted logs. Still no luck. Any help is appreciated!

Thanks in advance, Tony.



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by Nein_ at 21:32:32 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.4400 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Nein_\Programs\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Nein_\Programs\Hamachi\hamachi-2.exe
C:\Nein_\Games\Tribes\HiPatchService.exe
C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Nein_\Programs\Puush\puush.exe
C:\Nein_\Programs\Rainmeter\Rainmeter.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Nein_\Programs\Avast\AvastUI.exe
C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Nein_\Programs\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Nein_\Programs\Vent\Ventrilo.exe
C:\Nein_\Programs\Pandora\Pandora\Pandora.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Nein_\Games\Steam\Steam.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Nein_\Games\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
C:\Nein_\Games\Steam\steamapps\common\Dungeon Defenders\Binaries\Win32\DunDefGame.exe
C:\Nein_\Games\Steam\GameOverlayUI.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Nein_\Games\Steam\steam.exe" -silent
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [Dxtory Update Checker 2.0] C:\Nein_\Programs\Dxtory2.0\UpdateChecker.exe
uRun: [F.lux] "C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [MusicManager] "C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [SteelSeries Engine] C:\Nein_\Programs\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [puush] C:\Nein_\Programs\Puush\puush.exe
uRun: [SpybotSD TeaTimer] C:\Nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avast] "C:\Nein_\Programs\Avast\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Nein_\Programs\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Nein_\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Nein_\Programs\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with Mipony - file://C:\Nein_\Programs\MIP\MiPony\Browser\IEContext.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6A9C32F-FC55-4A95-A44D-5C7FE00B65FB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CC0B80D0-81CF-41D6-9502-F5FF5834E5DF} : DhcpNameServer = 7.254.254.254
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [avast] "C:\Nein_\Programs\Avast\avastUI.exe" /nogui
mRun-x64: [VirtualCloneDrive] "C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Nein_\Programs\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Nein_\Programs\Avast\AvastSvc.exe [2011-10-15 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Nein_\Programs\Hamachi\hamachi-2.exe -s --> C:\Nein_\Programs\Hamachi\hamachi-2.exe -s [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Nein_\Games\Tribes\HiPatchService.exe [2011-11-15 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe [2012-7-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-15 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-4-2 131912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TunngleService;TunngleService;C:\Nein_\Programs\Tunngle\TnglCtrl.exe [2012-1-18 751464]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 21:42:59 -------- d-----w- C:\$RECYCLE.BIN
2012-07-31 21:35:18 98816 ----a-w- C:\Windows\sed.exe
2012-07-31 21:35:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-31 21:35:18 256000 ----a-w- C:\Windows\PEV.exe
2012-07-31 21:35:18 208896 ----a-w- C:\Windows\MBR.exe
2012-07-31 21:35:16 -------- d-----w- C:\ComboFix
2012-07-31 00:17:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-24 03:31:33 -------- d-----w- C:\Windows\SysWow64\xlive
2012-07-24 03:31:29 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-07-24 03:25:28 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-24 03:25:28 -------- d-----w- C:\Users\Nein_\AppData\Roaming\MotioninJoy
2012-07-24 03:25:27 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-24 03:25:27 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-24 03:25:27 117520 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-19 02:31:30 -------- d-----w- C:\Users\Nein_\AppData\Local\The Witcher 2
2012-07-17 16:25:36 -------- d-----w- C:\Users\Nein_\AppData\Local\SniperV2
2012-07-17 03:08:29 -------- d-----w- C:\Users\Nein_\AppData\Local\The Wonderful End of the World
2012-07-15 17:35:03 -------- d-----w- C:\Users\Nein_\AppData\Local\PAYDAY
2012-07-15 17:32:52 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-12 17:28:23 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-07-12 17:28:23 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-07-12 17:28:21 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-07-09 23:59:41 -------- d-----w- C:\Users\Nein_\AppData\Roaming\Malwarebytes
2012-07-09 23:59:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 23:59:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 23:59:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-02 17:16:53 -------- d-----w- C:\Program Files (x86)\SIX Projects
.
==================== Find3M ====================
.
2012-07-15 19:15:23 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 21:33:23.28 ===============
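The mPolicies-system lines in the DDS log above report EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, which means User Account Control is switched off on this machine: anything launched by this administrator account receives full administrative rights with no prompt, which is the first thing a log reader would flag when triaging a persistent redirect. The Python script below is an added example, not part of this thread and not from the DDS tool, that parses the mPolicies-system block of a DDS "Pseudo HJT Report" and reports every UAC policy that deviates from the Windows 7 defaults. The embedded sample lines are copied from the report above (with one extra non-policy line to show it is ignored); the baseline values assume default, not hardened, Windows 7 settings.

```python
"""Triage helper for the mPolicies-system block of a DDS 'Pseudo HJT Report'.

Added example for the forum log above; not part of DDS or of the thread.
"""
import re

# Constructed sample: the five mPolicies-system lines as they appear in the
# DDS log, plus one unrelated TCP line to show that non-policy lines are skipped.
SAMPLE_LOG = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
"""

# Windows 7 default values for the UAC policies worth checking in a triage.
# Assumption: a default-UAC baseline; a hardened build would use stricter values.
UAC_BASELINE = {
    "EnableLUA": 1,                    # 0 turns UAC off entirely
    "ConsentPromptBehaviorAdmin": 5,   # 5 = prompt for consent for non-Windows binaries
    "PromptOnSecureDesktop": 1,        # 0 lets other windows overlay the prompt
}

# "mPolicies-system: <Name> = <decimal> (0x<hex>)"; the hex echo is ignored.
LINE_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")


def parse_policies(text):
    """Return {policy_name: int_value} for every mPolicies-system line in text."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def uac_findings(text):
    """Return (policy, observed, expected) triples for every baseline deviation."""
    policies = parse_policies(text)
    findings = []
    for name, expected in UAC_BASELINE.items():
        if name in policies and policies[name] != expected:
            findings.append((name, policies[name], expected))
    return findings


def uac_disabled(text):
    """True when EnableLUA is present and 0, i.e. UAC is completely off."""
    return parse_policies(text).get("EnableLUA") == 0


if __name__ == "__main__":
    if uac_disabled(SAMPLE_LOG):
        print("UAC is disabled (EnableLUA = 0); re-enable before further cleanup.")
    for name, observed, expected in uac_findings(SAMPLE_LOG):
        print(f"{name}: observed {observed}, Windows 7 default {expected}")
```

Run against a full DDS report the script only ever reads the mPolicies-system lines, so it is safe to point at the whole pasted log; anything it prints is a policy to restore through the UAC settings dialog (or the matching values under the System policy key) before trusting scan results from that machine.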

#2 HelpBot (Bleepin' Binary Bot)

Posted 05 August 2012 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463332 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tony Nein_ (Topic Starter)

Posted 06 August 2012 - 06:27 PM

Hello, hopefully you guys can help me with my malware issue. I have been dealing with the click.get-answers-fast.com redirect for the past week to no avail. I currently run Windows Firewall, Avast Antivirus, Malwarebytes and Spybot S&D. I have tried scans with Avast, Malwarebytes and Spybot in normal mode, and two full computer scans with Malwarebytes in safe mode. Nothing has been detected as of yet, but I am still getting redirects via Google Chrome. I ran through your recommended guide, as well as tried to follow along with one of your posted logs. Still no luck. Any help is appreciated!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.3.1
Run by Nein_ at 19:25:09 on 2012-08-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.5579 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Nein_\Programs\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Nein_\Programs\Hamachi\hamachi-2.exe
C:\Nein_\Games\Tribes\HiPatchService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe
C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Nein_\Programs\SteelSeries Engine\SteelSeriesEngine.exe
C:\Nein_\Programs\Puush\puush.exe
C:\Nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe
C:\Nein_\Programs\Rainmeter\Rainmeter.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Nein_\Programs\Avast\AvastUI.exe
C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Nein_\Programs\iTunes\iTunesHelper.exe
C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Nein_\Programs\Vent\Ventrilo.exe
C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Nein_\Games\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Nein_\Programs\Pandora\Pandora\Pandora.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Nein_\Games\Steam\steam.exe" -silent
uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
uRun: [Dxtory Update Checker 2.0] C:\Nein_\Programs\Dxtory2.0\UpdateChecker.exe
uRun: [F.lux] "C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [MusicManager] "C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [SteelSeries Engine] C:\Nein_\Programs\SteelSeries Engine\SteelSeriesEngine.exe
uRun: [puush] C:\Nein_\Programs\Puush\puush.exe
uRun: [SpybotSD TeaTimer] C:\Nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [avast] "C:\Nein_\Programs\Avast\avastUI.exe" /nogui
mRun: [VirtualCloneDrive] "C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Nein_\Programs\iTunes\iTunesHelper.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Nein_\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Nein_\Programs\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with Mipony - file://C:\Nein_\Programs\MIP\MiPony\Browser\IEContext.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C6A9C32F-FC55-4A95-A44D-5C7FE00B65FB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CC0B80D0-81CF-41D6-9502-F5FF5834E5DF} : DhcpNameServer = 7.254.254.254
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [avast] "C:\Nein_\Programs\Avast\avastUI.exe" /nogui
mRun-x64: [VirtualCloneDrive] "C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Nein_\Programs\iTunes\iTunesHelper.exe"
mRun-x64: [LogMeIn Hamachi Ui] "C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Nein_\Programs\Avast\AvastSvc.exe [2011-10-15 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Nein_\Programs\Hamachi\hamachi-2.exe -s --> C:\Nein_\Programs\Hamachi\hamachi-2.exe -s [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Nein_\Games\Tribes\HiPatchService.exe [2011-11-15 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944]
R2 SBSDWSCService;SBSD Security Center Service;C:\Nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe [2012-7-30 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 busenum;SteelBusSvc;C:\Windows\system32\DRIVERS\SteelBus64.sys --> C:\Windows\system32\DRIVERS\SteelBus64.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SAlphamHid;SteelHIDSvc;C:\Windows\system32\DRIVERS\SAlpham64.sys --> C:\Windows\system32\DRIVERS\SAlpham64.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-15 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-4-2 131912]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TunngleService;TunngleService;C:\Nein_\Programs\Tunngle\TnglCtrl.exe [2012-1-18 751464]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-06 06:40:48 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2202B86C-4F3C-4FE1-8F4A-DF954BA1C650}\offreg.dll
2012-07-31 21:42:59 -------- d-----w- C:\$RECYCLE.BIN
2012-07-31 21:35:18 98816 ----a-w- C:\Windows\sed.exe
2012-07-31 21:35:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-31 21:35:18 256000 ----a-w- C:\Windows\PEV.exe
2012-07-31 21:35:18 208896 ----a-w- C:\Windows\MBR.exe
2012-07-31 21:35:16 -------- d-----w- C:\ComboFix
2012-07-31 00:17:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-24 03:31:33 -------- d-----w- C:\Windows\SysWow64\xlive
2012-07-24 03:31:29 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-07-24 03:25:28 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-07-24 03:25:28 -------- d-----w- C:\Users\Nein_\AppData\Roaming\MotioninJoy
2012-07-24 03:25:27 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2012-07-24 03:25:27 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-07-24 03:25:27 117520 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2012-07-19 02:31:30 -------- d-----w- C:\Users\Nein_\AppData\Local\The Witcher 2
2012-07-17 16:25:36 -------- d-----w- C:\Users\Nein_\AppData\Local\SniperV2
2012-07-17 03:08:29 -------- d-----w- C:\Users\Nein_\AppData\Local\The Wonderful End of the World
2012-07-15 17:35:03 -------- d-----w- C:\Users\Nein_\AppData\Local\PAYDAY
2012-07-15 17:32:52 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-12 17:28:23 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-07-12 17:28:23 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-07-12 17:28:21 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-07-09 23:59:41 -------- d-----w- C:\Users\Nein_\AppData\Roaming\Malwarebytes
2012-07-09 23:59:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-09 23:59:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 23:59:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2012-07-15 19:15:23 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 19:25:57.64 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/15/2011 8:52:00 PM
System Uptime: 8/5/2012 4:26:24 PM (27 hours ago)
.
Motherboard: Dell Inc. | | 0YU822
Processor: Intel® Core™2 Duo CPU E6850 @ 3.00GHz | Microprocessor | 3000/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 105.738 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 132.646 GiB free.
E: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Galaxy
Device ID: USB\VID_04E8&PID_6860&MI_01\6&1F7ECEF1&0&0001
Manufacturer:
Name: Galaxy
PNP Device ID: USB\VID_04E8&PID_6860&MI_01\6&1F7ECEF1&0&0001
Service:
.
==== System Restore Points ===================
.
RP98: 7/31/2012 1:58:08 AM - Scheduled Checkpoint
RP99: 7/31/2012 5:59:39 PM - Removed Java™ 6 Update 29
RP100: 7/31/2012 6:03:39 PM - Removed Java™ 6 Update 29 (64-bit)
.
==== Installed Programs ======================
.
Ace of Spades
Adobe AIR
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 10 Plugin
Amazon Kindle
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
avast! Free Antivirus
BattlEye for OA Uninstall
BattlEye Uninstall
BitLord 2.0
Counter-Strike: Source
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Crusader Kings II
Curse Client
Day of Defeat
Day of Defeat: Source
Desura
Desura: Project Reality: Battlefield 2
Diablo II
Diablo III
Divine Wind version 5.1
DivX Setup
Dota 2
Dungeon Defenders
Dxtory 2.0.108
Europa Universalis III
F.lux
GameSpy Comrade
Gemini Rue
Google Chrome
Google Talk Plugin
Half-Life 2
Hi-Rez Studios Authenticate and Update Service
INsanes HUD and GUI 9
Java Auto Updater
Java™ 7 Update 3
JavaFX 2.0.3
League of Legends
LogMeIn Hamachi
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
Max Payne 3
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MiPony 1.5.2
Music Manager
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Orcs Must Die!
Origin
osu!
Pando Media Booster
Pandora
PAYDAY: The Heist
PlugY, The Survival Kit
Portal 2
PunkBuster Services
puush
Rainmeter
Real Alternative 2.0.2
Rockstar Games Social Club
Saints Row The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
ShiftWindow 1.02
Six Updater
Smite Closed Beta
Sniper Elite
Sniper Elite V2
Source Filmmaker
Source SDK
Source SDK Base 2007
Spybot - Search & Destroy
StarCraft II
Steam
SteelSeries Xai Laser Mouse
SumatraPDF
Super Street Fighter IV: Arcade Edition
System Requirements Lab CYRI
Team Fortress 2
Terraria
The Walking Dead
The Witcher 2: Assassins of Kings Enhanced Edition
The Wonderful End of the World
thriXXX 3DKink-126.002
Tribes Ascend Closed Beta
Tunngle beta
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VirtualCloneDrive
WinRAR 4.11 (32-bit)
XSplit
Yawcam 0.3.7
.
==== Event Viewer Messages From Past Week ========
.
8/5/2012 9:07:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/5/2012 9:07:49 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2012 5:42:49 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/31/2012 5:41:04 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/31/2012 5:39:57 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/31/2012 5:35:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/31/2012 5:33:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/31/2012 4:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
7/31/2012 4:14:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/31/2012 4:13:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/31/2012 4:13:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/31/2012 4:13:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache ElbyCDIO spldr Wanarpv6
7/31/2012 4:13:07 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================

**I am running 64-bit Windows 7, thus I am not attaching a GMER log.

Thanks in advance, Tony.

#4 jntkwx (Malware Response Team, 4,339 posts, New England, U.S.A.)

Posted 06 August 2012 - 07:04 PM

Hi Tony Nein,

Welcome to BleepingComputer.
We sincerely apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to).
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

It looks like you have run ComboFix. If it exists, please post the ComboFix log, located at C:\Combofix.txt, into your reply.
Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 jntkwx (Malware Response Team, 4,339 posts, New England, U.S.A.)

Posted 10 August 2012 - 09:28 AM

Tony,

It has been four days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason

 



#6 Tony Nein_ (Topic Starter, Members, 19 posts)

Posted 11 August 2012 - 09:35 PM

Thanks for the response, jntkwx.

I do indeed still have the problem; I have been out of town for the past few days. Apologies for my delay in getting back to you. I've been trying to self-troubleshoot for about two weeks now, and haven't had much luck in resolving this particularly nasty bug. This is my ComboFix log from a couple of weeks ago; I can run an updated one if needed. Thanks again for the help! ~Tony


ComboFix 12-07-30.03 - Nein_ 07/31/2012 17:36:06.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8189.6666 [GMT -4:00]
Running from: c:\nein_\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nein_\AppData\Roaming\Love
c:\users\Nein_\AppData\Roaming\Love\mari0\options.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 21:43 . 2012-07-31 21:43 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-07-31 21:43 . 2012-07-31 21:43 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-07-31 21:43 . 2012-07-31 21:43 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-07-31 21:43 . 2012-07-31 21:43 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-07-31 21:43 . 2012-07-31 21:43 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-07-31 21:43 . 2012-07-31 21:43 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-07-31 21:40 . 2012-07-31 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 21:40 . 2012-07-31 21:40 -------- d-----w- c:\users\Clay\AppData\Local\temp
2012-07-31 00:17 . 2012-07-31 00:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-24 03:31 . 2012-07-24 03:31 -------- d-----w- c:\windows\SysWow64\xlive
2012-07-24 03:31 . 2012-07-24 03:31 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-24 03:25 . 2012-07-24 03:25 -------- d-----w- c:\users\Nein_\AppData\Roaming\MotioninJoy
2012-07-24 03:25 . 2010-05-03 20:12 328712 ----a-w- c:\windows\system32\MijFrc.dll
2012-07-24 03:25 . 2011-08-30 04:54 117520 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-24 03:25 . 2010-08-19 23:24 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2012-07-24 03:25 . 2010-08-19 23:24 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-19 02:31 . 2012-07-19 02:31 -------- d-----w- c:\users\Nein_\AppData\Local\The Witcher 2
2012-07-17 16:25 . 2012-07-17 16:26 -------- d-----w- c:\users\Nein_\AppData\Local\SniperV2
2012-07-17 03:08 . 2012-07-17 03:08 -------- d-----w- c:\users\Nein_\AppData\Local\The Wonderful End of the World
2012-07-15 17:35 . 2012-07-15 17:35 -------- d-----w- c:\users\Nein_\AppData\Local\PAYDAY
2012-07-15 17:32 . 2012-07-15 17:32 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-12 17:28 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-07-12 17:28 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-07-12 17:28 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-07-09 23:59 . 2012-07-09 23:59 -------- d-----w- c:\users\Nein_\AppData\Roaming\Malwarebytes
2012-07-09 23:59 . 2012-07-09 23:59 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 23:59 . 2012-07-18 22:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 23:59 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:16 . 2012-07-02 17:16 -------- d-----w- c:\program files (x86)\SIX Projects
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 03:33 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-07-24 03:33 . 2009-08-18 15:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-15 19:15 . 2011-12-22 05:42 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 04:06 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 04:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 04:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 04:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 04:06 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 04:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 04:06 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 04:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 04:05 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\nein_\Games\Steam\steam.exe" [2011-10-16 1242448]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Dxtory Update Checker 2.0"="c:\nein_\Programs\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
"F.lux"="c:\users\Nein_\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"MusicManager"="c:\users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"SteelSeries Engine"="c:\nein_\Programs\SteelSeries Engine\SteelSeriesEngine.exe" [2012-04-05 231424]
"puush"="c:\nein_\Programs\Puush\puush.exe" [2012-04-16 565480]
"SpybotSD TeaTimer"="c:\nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"avast"="c:\nein_\Programs\Avast\avastUI.exe" [2011-09-06 3722416]
"VirtualCloneDrive"="c:\nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\nein_\Programs\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"LogMeIn Hamachi Ui"="c:\nein_\Programs\Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-12-14 0]
Rainmeter.lnk - c:\nein_\Programs\Rainmeter\Rainmeter.exe [2012-3-4 98504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-16 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-04-03 131912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\nein_\Programs\Tunngle\TnglCtrl.exe [2011-12-13 751464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-16 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\nein_\Programs\Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\nein_\Games\Tribes\HiPatchService.exe [2012-07-12 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SBSDWSCService;SBSD Security Center Service;c:\nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 busenum;SteelBusSvc;c:\windows\system32\DRIVERS\SteelBus64.sys [2011-09-16 106496]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
S3 SAlphamHid;SteelHIDSvc;c:\windows\system32\DRIVERS\SAlpham64.sys [2011-09-16 34944]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3147556220-2770450483-2963924412-1001Core.job
- c:\users\Nein_\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 00:55]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3147556220-2770450483-2963924412-1001UA.job
- c:\users\Nein_\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 00:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\nein_\Programs\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with Mipony - file://c:\nein_\Programs\MIP\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BattlEye for A2 - c:\nein_\games\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc (1).exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3147556220-2770450483-2963924412-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8631E706-86CD-BDD3-8C28-3DD3FB890A21}*]
"hafdajpneppahnek"=hex:63,62,61,68,67,68,62,63,66,66,65,65,6e,6a,65,69,63,66,
66,68,63,66,6c,6d,62,6d,70,63,69,62,61,63,66,67,6a,6c,6d,6d,00,00
"ialdgggcaboedcdpon"=hex:63,62,61,68,67,68,62,63,66,66,64,65,69,6a,68,6a,6c,62,
66,69,70,6f,6e,6f,68,6d,6c,62,6b,65,69,62,68,6c,6d,6b,61,6d,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\nein_\Programs\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\windows\SysWOW64\CTXFISPI.EXE
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\Nein_\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-07-31 17:46:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 21:46
.
Pre-Run: 114,819,796,992 bytes free
Post-Run: 114,609,680,384 bytes free
.
- - End Of File - - 7C11E96D2DDD43E51890DADD7B1DBB2A

Edited by Tony Nein_, 11 August 2012 - 09:39 PM.


#7 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 13 August 2012 - 11:18 AM

Tony,

Can you give me an idea of what kinds of self-troubleshooting steps you've recently tried to do yourself? (I don't want to give you instructions for something you've already tried, and that hasn't worked.)

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
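The reply above asks for an OTL report, and the useful part of reading one is spotting the handful of load points a browser-redirect hunt cares about: hosts-file overrides, IE proxy settings, search-scope URLs that point somewhere other than a known engine, and BHO/toolbar/Run entries that live in user-writable folders or impersonate Windows binaries. The script below is an added example written for this thread; it is not OTL's code and not part of either poster's instructions. The sample report lines are constructed to mimic OTL's line formats (the SIDs, CLSIDs, paths and hostnames are invented), and the allowlists of search hosts and system binary names are assumptions to tune for the machine being examined.

```python
"""Triage helper for OTL (OldTimer's List-It) report lines.

Added example for this thread, not OTL's own code. It flags the load points a
browser-redirect investigation checks first. Allowlists are assumptions; a
machine with a large ad-blocking hosts file will produce many 'hosts-override'
findings, which is expected noise rather than a bug.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = act on it, "review" = confirm by hand
    rule: str
    line: str


# Assumed allowlists (not taken from the thread); tune per host.
LOOPBACK = {"127.0.0.1", "::1"}
LOCAL_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}
SYSTEM_BINARY_NAMES = {"svchost.exe", "rundll32.exe", "explorer.exe",
                       "lsass.exe", "csrss.exe", "winlogon.exe"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r'Internet Settings:\s+"(ProxyEnable|ProxyServer|AutoConfigURL)"\s+=\s+(.*)$')
SEARCH_RE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}:\s+"URL"\s+=\s+(\S+)')
# "<drive>:\path\file.ext (Company)" at the end of an O2/O3/O4 line; OTL
# prints an empty "()" when the file carries no vendor string.
LOADPOINT_RE = re.compile(r"([A-Za-z]:\\.*?)\s+\(([^()]*)\)\s*$")


def triage_line(line: str) -> list[Finding]:
    """Return the findings for one OTL report line (possibly none)."""
    line = line.rstrip()
    m = HOSTS_RE.match(line)
    if m:
        ip, name = m.groups()
        # Anything beyond the loopback/localhost pair redirects that name.
        if ip not in LOOPBACK or name.lower() not in LOCAL_NAMES:
            return [Finding("high", "hosts-override", line)]
        return []
    m = PROXY_RE.search(line)
    if m:
        key, value = m.groups()
        if key == "ProxyEnable":
            return [] if value.strip() == "0" else [Finding("high", "proxy-enabled", line)]
        return [Finding("review", "proxy-config", line)]
    m = SEARCH_RE.search(line)
    if m:
        host = (urlsplit(m.group(1)).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            return [Finding("high", "unknown-search-scope", line)]
        return []
    if line.startswith(("O2", "O3", "O4")):
        if line.endswith("File not found"):
            # Orphaned registration: harmless by itself, but worth cleaning.
            return [Finding("review", "orphaned-loadpoint", line)]
        m = LOADPOINT_RE.search(line)
        if m:
            path, company = m.group(1).lower(), m.group(2).strip()
            basename = path.rsplit("\\", 1)[-1]
            if basename in SYSTEM_BINARY_NAMES and "\\windows\\" not in path:
                return [Finding("high", "system-name-outside-windows", line)]
            if "\\temp\\" in path:
                return [Finding("high", "loadpoint-in-temp", line)]
            if not company and "\\users\\" in path:
                return [Finding("review", "unsigned-in-profile", line)]
    return []


def triage_report(report: str) -> list[Finding]:
    """Run triage_line over every line of an OTL.txt dump."""
    return [f for line in report.splitlines() for f in triage_line(line)]


# Constructed sample modelled on OTL's line formats; every SID, CLSID, path
# and hostname here is invented and identifies nothing real.
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.7 www.google.com
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1111-2222-3333-1001\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://search.example-hijack.test/?q={searchTerms}
O2 - BHO: (Helper) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Users\victim\AppData\Local\Temp\helper.dll ()
O2 - BHO: (Java(TM) Plug-In 2 SSV Helper) - {BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1111-2222-3333-1001..\Run: [svchost] C:\Users\victim\AppData\Roaming\svchost.exe ()
"""

if __name__ == "__main__":
    for f in triage_report(SAMPLE_OTL):
        print(f"{f.severity:6} {f.rule:28} {f.line[:90]}")
```

Run it against a saved OTL.txt by passing the file contents to triage_report; the "review" findings are the ones to confirm by hand (unsigned software under a user profile is common and usually benign, as the Chrome, puush and F.lux entries in this kind of log show), while the "high" ones are the settings a redirect hijack actually needs to change.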


#8 Tony Nein_

  • Topic Starter
  • Members
  • 19 posts

Posted 13 August 2012 - 10:19 PM

I've run Spybot S&D, Malwarebytes Anti-Malware, and Avast Antivirus all three times, once in safe mode each and twice normally.

After browsing through some of the threads on this forum, I ran Defogger to disable my Daemon Tools, then I ran RKill, RKill 64-bit, DDS, TDSS, and ComboFix. Still persistent. I've also tried to use the Trend Micro antivirus in the hopes that it would catch something remotely.


OTL logfile created on: 8/13/2012 11:05:44 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Nein_\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 67.95% Memory free
15.99 Gb Paging File | 12.69 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 79.08 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 132.72 Gb Free Space | 89.07% Space Free | Partition Type: NTFS

Computer Name: NEIN_-PC | User Name: Nein_ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 23:05:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Nein_\Downloads\OTL.exe
PRC - [2012/08/05 16:41:31 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Nein_\Games\Steam\Steam.exe
PRC - [2012/08/05 16:40:35 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/12 01:03:15 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe
PRC - [2012/06/01 19:17:16 | 013,806,592 | ---- | M] (Google Inc.) -- C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/16 19:36:26 | 000,565,480 | ---- | M] () -- C:\Nein_\Programs\Puush\puush.exe
PRC - [2012/03/25 17:28:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Nein_\Programs\Avast\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Nein_\Programs\Avast\AvastSvc.exe
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/07 09:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010/05/05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010/05/05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Nein_\Programs\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2006/11/17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/09 18:36:27 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/08/07 02:43:40 | 000,442,392 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/07 02:43:39 | 012,235,800 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
MOD - [2012/08/07 02:43:37 | 003,997,720 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 02:42:21 | 000,526,872 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\libglesv2.dll
MOD - [2012/08/07 02:42:20 | 000,104,984 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\libegl.dll
MOD - [2012/08/07 02:42:09 | 000,144,424 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 02:42:08 | 000,266,792 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 02:42:07 | 002,480,680 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/08/05 16:40:35 | 020,316,496 | ---- | M] () -- C:\Nein_\Games\Steam\bin\libcef.dll
MOD - [2012/08/05 16:40:35 | 001,099,576 | ---- | M] () -- C:\Nein_\Games\Steam\bin\avcodec-53.dll
MOD - [2012/08/05 16:40:35 | 000,900,944 | ---- | M] () -- C:\Nein_\Games\Steam\bin\chromehtml.dll
MOD - [2012/08/05 16:40:35 | 000,190,776 | ---- | M] () -- C:\Nein_\Games\Steam\bin\avformat-53.dll
MOD - [2012/08/05 16:40:35 | 000,123,192 | ---- | M] () -- C:\Nein_\Games\Steam\bin\avutil-51.dll
MOD - [2012/06/01 19:06:02 | 000,344,064 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/06/01 19:05:48 | 000,346,624 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/06/01 19:04:48 | 000,198,656 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/06/01 19:04:46 | 000,364,032 | ---- | M] () -- C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/05/03 09:20:19 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/05/03 09:20:13 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/05/01 18:38:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/05/01 18:37:46 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/05/01 18:37:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/05/01 18:37:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/05/01 01:47:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/04/16 19:36:26 | 000,565,480 | ---- | M] () -- C:\Nein_\Programs\Puush\puush.exe
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/05/05 19:56:46 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIRES.DLL
MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/05 16:40:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/12 15:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Nein_\Games\Tribes\HiPatchService.exe -- (HiPatchService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Nein_\Programs\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/02 21:33:38 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/03/25 17:28:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/12/12 22:35:08 | 000,751,464 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Nein_\Programs\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/10/15 21:16:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Nein_\Programs\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 15:00:32 | 000,106,496 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2011/09/16 15:00:28 | 000,034,944 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2011/09/06 16:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 16:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 16:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 16:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 16:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 16:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/08/30 00:54:28 | 000,117,520 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/05/05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010/05/05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/05/05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/05/05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/05/05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/05/05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/05/05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010/05/05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010/05/05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010/05/05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 F5 7C 11 56 6F CD 01 [binary data]
IE - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Nein_\Programs\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Nein_\Programs\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Nein_\Programs\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Nein_\Programs\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/SumatraPDF_Browser_Plugin: C:\Nein_\Programs\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Nein_\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Nein_\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/13 19:32:00 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\Nein_\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Nein_\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Nein_\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: SumatraPDF Browser Plugin (Enabled) = C:\Nein_\Programs\SumatraPDF\npPdfViewer.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Nein_\Programs\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Nein_\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Better Music for Google Play Music = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdollfdihekkbcgmbpjddfdaeigacmia\1.5.8_0\
CHR - Extension: YouTube = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DayZ Sniper = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkikekneknohobjfjcfpaabpccfljlpm\1.0_0\
CHR - Extension: avast! WebRep = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Hover Zoom = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.5_0\
CHR - Extension: Gmail = C:\Users\Nein_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/31 17:42:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Nein_\Programs\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Nein_\Programs\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Nein_\Programs\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Nein_\Programs\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Nein_\Programs\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Nein_\Programs\Virtual Clone Drive\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [Dxtory Update Checker 2.0] C:\Nein_\Programs\Dxtory2.0\UpdateChecker.exe (Dxtory Software)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [F.lux] C:\Users\Nein_\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [MusicManager] C:\Users\Nein_\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [puush] C:\Nein_\Programs\Puush\puush.exe ()
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [SpybotSD TeaTimer] C:\Nein_\Programs\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [Steam] C:\Nein_\Games\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001..\Run: [SteelSeries Engine] C:\Nein_\Programs\SteelSeries Engine\SteelSeriesEngine.exe ()
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Nein_\Programs\Rainmeter\Rainmeter.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3147556220-2770450483-2963924412-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Download with Mipony - C:\Nein_\Programs\MIP\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: Download with Mipony - C:\Nein_\Programs\MIP\MiPony\Browser\IEContext.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6A9C32F-FC55-4A95-A44D-5C7FE00B65FB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC0B80D0-81CF-41D6-9502-F5FF5834E5DF}: DhcpNameServer = 7.254.254.254
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 01:09:32 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Roaming\Mozilla
[2012/08/12 00:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/08/12 00:40:06 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/08/12 00:39:01 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/08/12 00:39:01 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/08/12 00:39:01 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/08/12 00:39:01 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/08/12 00:39:01 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/08/12 00:39:01 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/08/12 00:39:01 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/08/12 00:39:01 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/08/12 00:39:01 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/08/12 00:39:01 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/08/12 00:39:01 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/08/12 00:39:01 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/08/12 00:29:16 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Local\Funcom
[2012/08/09 18:36:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/05 20:55:59 | 000,000,000 | ---D | C] -- C:\Users\Nein_\Desktop\asdf
[2012/07/31 22:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/31 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/31 21:32:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Nein_\Desktop\dds.scr
[2012/07/31 17:51:20 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nein_\Desktop\tdsskiller.exe
[2012/07/31 17:42:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/31 17:40:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/31 17:35:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/31 17:35:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/31 17:35:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/31 17:35:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/31 17:33:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/31 17:33:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Nein_\Desktop\rkill-backup
[2012/07/30 20:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/30 20:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/23 23:42:01 | 000,000,000 | ---D | C] -- C:\Users\Nein_\Documents\Games for Windows - LIVE Demos
[2012/07/23 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\Nein_\Documents\CAPCOM
[2012/07/23 23:31:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2012/07/23 23:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/07/23 23:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2012/07/23 23:25:28 | 000,328,712 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\MijFrc.dll
[2012/07/23 23:25:28 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Roaming\MotioninJoy
[2012/07/23 23:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2012/07/23 23:25:27 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2012/07/23 23:25:27 | 000,117,520 | ---- | C] (MotioninJoy) -- C:\Windows\SysNative\drivers\MijXfilt.sys
[2012/07/23 23:25:27 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys
[2012/07/18 22:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nein_\Documents\Witcher 2
[2012/07/18 22:31:30 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Local\The Witcher 2
[2012/07/17 12:25:36 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Local\SniperV2
[2012/07/16 23:08:29 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Local\The Wonderful End of the World
[2012/07/15 13:35:03 | 000,000,000 | ---D | C] -- C:\Users\Nein_\AppData\Local\PAYDAY
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 23:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147556220-2770450483-2963924412-1001UA.job
[2012/08/13 19:10:26 | 000,002,453 | ---- | M] () -- C:\Users\Nein_\Desktop\Google Chrome.lnk
[2012/08/13 01:08:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3147556220-2770450483-2963924412-1001Core.job
[2012/08/12 00:43:50 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 00:43:50 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 00:43:50 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/11 21:20:05 | 000,002,288 | ---- | M] () -- C:\Users\Nein_\.budgetrc
[2012/08/11 20:08:22 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 20:08:22 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/11 20:00:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/11 20:00:38 | 2145,398,783 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 08:51:54 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/10 08:51:54 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/10 08:51:54 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000002-00000000-00000004-00001102-00000005-10031102}.rfx
[2012/08/09 18:36:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/09 18:36:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/31 23:01:27 | 000,000,663 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/07/31 21:32:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Nein_\Desktop\dds.scr
[2012/07/31 19:58:20 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk
[2012/07/31 19:58:20 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk
[2012/07/31 17:51:23 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nein_\Desktop\tdsskiller.exe
[2012/07/31 17:42:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/31 16:39:34 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/31 16:07:04 | 000,000,000 | ---- | M] () -- C:\Users\Nein_\defogger_reenable
[2012/07/31 16:02:04 | 250,981,224 | ---- | M] () -- C:\Users\Nein_\Desktop\Backup.reg
[2012/07/30 20:17:56 | 000,001,118 | ---- | M] () -- C:\Users\Nein_\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/30 20:17:56 | 000,001,094 | ---- | M] () -- C:\Users\Nein_\Desktop\Spybot - Search & Destroy.lnk
[2012/07/23 23:27:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/07/23 23:27:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/07/19 12:07:59 | 000,772,646 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/18 13:05:54 | 000,002,404 | ---- | M] () -- C:\Users\Nein_\Desktop\Second Character.reg
[2012/07/18 13:01:22 | 000,655,632 | ---- | M] () -- C:\Users\Nein_\Desktop\deletethis.jpg
[2012/07/18 12:57:46 | 000,002,404 | ---- | M] () -- C:\Users\Nein_\Desktop\First Character.reg
[2012/07/16 15:39:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/15 14:59:17 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\Smite Closed Beta.lnk
[2012/07/15 14:59:17 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/15 14:56:09 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/15 11:50:31 | 000,000,218 | ---- | M] () -- C:\Users\Nein_\.recently-used.xbel
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/31 22:54:10 | 000,000,663 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/07/31 17:35:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/31 17:35:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 17:35:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 17:35:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 17:35:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 16:39:34 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/31 16:07:04 | 000,000,000 | ---- | C] () -- C:\Users\Nein_\defogger_reenable
[2012/07/31 16:01:48 | 250,981,224 | ---- | C] () -- C:\Users\Nein_\Desktop\Backup.reg
[2012/07/30 20:17:56 | 000,001,118 | ---- | C] () -- C:\Users\Nein_\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/30 20:17:56 | 000,001,094 | ---- | C] () -- C:\Users\Nein_\Desktop\Spybot - Search & Destroy.lnk
[2012/07/23 23:31:19 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/07/23 23:27:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2012/07/23 23:27:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_MijXfilt_01009.Wdf
[2012/07/18 13:05:54 | 000,002,404 | ---- | C] () -- C:\Users\Nein_\Desktop\Second Character.reg
[2012/07/18 13:01:22 | 000,655,632 | ---- | C] () -- C:\Users\Nein_\Desktop\deletethis.jpg
[2012/07/18 12:57:46 | 000,002,404 | ---- | C] () -- C:\Users\Nein_\Desktop\First Character.reg
[2012/07/15 14:59:17 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\Smite Closed Beta.lnk
[2012/07/15 14:56:09 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\Tribes Ascend.lnk
[2012/07/15 14:55:22 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012/07/15 11:50:31 | 000,000,218 | ---- | C] () -- C:\Users\Nein_\.recently-used.xbel
[2012/07/12 23:17:10 | 000,772,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/03/25 17:28:35 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/25 17:28:33 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc (1).exe
[2012/03/25 17:28:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/13 11:49:06 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/02/07 00:09:12 | 000,020,810 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/01/08 16:59:29 | 000,000,600 | ---- | C] () -- C:\Users\Nein_\AppData\Local\PUTTY.RND
[2011/10/23 16:42:41 | 000,107,520 | ---- | C] () -- C:\Users\Nein_\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/15 21:59:03 | 000,007,608 | ---- | C] () -- C:\Users\Nein_\AppData\Local\Resmon.ResmonCfg
[2011/10/15 21:50:21 | 000,002,288 | ---- | C] () -- C:\Users\Nein_\.budgetrc
[2011/10/15 21:15:20 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/10/15 21:15:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/10/15 21:02:40 | 000,000,259 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >

OTL Extras logfile created on: 8/13/2012 11:05:44 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Nein_\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 5.43 Gb Available Physical Memory | 67.95% Memory free
15.99 Gb Paging File | 12.69 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 79.08 Gb Free Space | 16.98% Space Free | Partition Type: NTFS
Drive D: | 149.01 Gb Total Space | 132.72 Gb Free Space | 89.07% Space Free | Partition Type: NTFS

Computer Name: NEIN_-PC | User Name: Nein_ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02243DF2-A77B-40EE-8B91-2EF74ED91B5E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{024B3879-6065-4E36-9EF1-F7A291993027}" = lport=10243 | protocol=6 | dir=in | app=system |
"{04602945-E1F5-40B7-B30C-63AF6C17B0E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1BFAE123-CEE5-42D2-9428-1B9C1DA26FFC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23E8C8F5-F714-41F1-9D87-E794C5592371}" = rport=137 | protocol=17 | dir=out | app=system |
"{2A75718A-4521-4CFD-9D5C-F41ECFBB6D7C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3672D42E-19D1-4BEC-8E43-6AD952D87812}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EE51E61-708E-44F3-A66A-F290BF5C1D02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{60E62E5C-1AB2-4A85-BB6A-DDCEDE8BCE0A}" = rport=445 | protocol=6 | dir=out | app=system |
"{6FFB5FB4-044A-47C0-8005-3D405D1EC82C}" = rport=138 | protocol=17 | dir=out | app=system |
"{875503E5-5F93-4666-B5D6-8D39244CF4BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{9D29D5FB-14E3-480F-B799-9A37FE025C69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E557A9A-802B-4A1B-8977-3BCC9FE99D0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E7104A5-22C8-47A3-B1B8-7F8808841581}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4A05C88-0053-483E-93FA-8F780F470C0E}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC161233-5E53-461A-8B48-BE26EF76D7DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C11BEB4F-AFC7-4016-A70A-9542DFB23E01}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2BD2F60-6B53-4835-A844-2EA332E560F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D38C6B74-B362-4701-85A6-FC4EB7915937}" = lport=139 | protocol=6 | dir=in | app=system |
"{D6D13C57-9E85-4C07-8055-58720221EECC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E51D60C7-F6CC-4B46-8DC6-13B856E9E2DC}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00281D05-831E-4C33-977C-5F8E71B24A29}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\day of defeat source\hl2.exe |
"{00598526-EE93-42DD-8059-84FE0EA16B3F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{0088A84C-0BDA-4956-A505-2C66C1A54DBA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{04373678-15B8-41D6-9CCD-0DE5930C90E0}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{09EA8E6D-BD13-4960-957E-EA233EEF45A5}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2\arma2.exe |
"{09EAD23E-44D5-4CDF-AC3B-963C60414825}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\day of defeat source\hl2.exe |
"{0B703FB0-B2C3-4355-AE3C-2603FAE44551}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{1A9F2220-81E8-4476-B6DA-68DF2D9D3D0E}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{1C588777-81F8-4DCB-BFB0-FE28DDEECC9F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{1CC823EB-2A3C-4FBC-A4EC-6BBCDA0D69A8}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{1CE7C93C-CFD3-45CE-A671-45873F47A134}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{24A98591-BC17-424D-90ED-91F4E66D3B40}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{25BA8A4E-F7EB-44BF-B946-EF15F24EC735}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{25DD2455-A425-4C9A-BC93-E6B306AD8EB2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{26DE81A7-7FCB-4E8B-BF48-C640F7327BA3}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{29064ECC-3569-4B03-87A0-377ED5E82E33}" = protocol=17 | dir=in | app=c:\nein_\games\diablo iii\diablo iii beta\diablo iii.exe |
"{291FF13D-64B0-48BA-9820-8E5FEBA26A9E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A7EF68A-1B72-4575-97B9-97D35D89940C}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{2D95BFED-5BD2-4E9B-A282-24490459C84D}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\portal 2\portal2.exe |
"{2DF11812-6E4A-444F-B2F3-271E11C3CB8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FF41E91-B495-4F7B-8881-B75CD05D81A5}" = protocol=17 | dir=in | app=c:\nein_\games\world of warcraft\launcher.exe |
"{3194CC58-C8E4-4DB3-9651-45AFE49104C1}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{34CF85FC-AE3F-4038-A9A6-66AD04F9721B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3A757480-42D6-4C82-8007-0D173D26BAB6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{43EF1BEB-2E49-4ED8-A78A-559BD519F7F1}" = protocol=6 | dir=in | app=c:\nein_\games\world of warcraft\launcher.exe |
"{46D193A2-9739-46D2-BCBC-C62AFFF8C054}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4D35D359-655D-42C2-A5CB-931232B19FDD}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{4D5A436A-6E92-4FA8-A227-0D6696BDB04C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4EA927D9-F7B1-460D-AD3C-E2AF19E4255D}" = protocol=6 | dir=in | app=c:\nein_\programs\bitlord 2\bitlord files\bitlord.exe |
"{4ED07D2A-FE54-419D-B941-8365E91B29D4}" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe |
"{5083A4BC-EFE9-4B6A-81F0-DB2890E8A306}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe |
"{50D88B5B-6B6D-43EB-8E5E-D98FB020FB8F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50FCC5E2-A03E-48F0-9BB2-94C5D6BB8B60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{534C5BCC-CDAC-4B75-AF7C-FA3B1DBD3DE7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5512F4FB-35E1-4348-84DA-F236D6917E68}" = protocol=17 | dir=in | app=c:\nein_\programs\tunngle\tnglctrl.exe |
"{5EA06E30-E2D0-4209-9FA9-F2976B32FBC5}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{5F161C11-03B8-4E0A-B956-2A1C2D13229A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F86F1B9-4AF9-4DF9-BF13-88329F5C67A0}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\alan wake\alanwake.exe |
"{5FD3D284-8F9D-4CFE-9981-BF5A005D4A57}" = protocol=17 | dir=in | app=c:\users\nein_\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{609B67C0-50A2-4AAE-A81C-CAD706765431}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{60C3D64D-0063-43CF-9F3A-1E5A7E48A67B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{615741A4-1795-48BC-9BDE-749CD849DC0D}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe |
"{61DB049A-A3C2-4233-83AE-772505033391}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{6BE15770-BC77-4304-B7CE-0DC27EC452F7}" = protocol=6 | dir=in | app=c:\users\nein_\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6DEC13B7-F5C2-4E78-ACF1-2485FCBB9798}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{71EC4C42-0EEC-475C-B98A-E7FA3C2F054A}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\magicka\magicka.exe |
"{72609726-3736-47D8-B259-8AC6019DF11F}" = protocol=6 | dir=in | app=c:\users\nein_\appdata\local\apps\2.0\gc1zrcax.hyk\72lchke1.l7k\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\curseclient.exe |
"{73F56CB8-C8CA-4AFC-B97F-A6CED70E2D83}" = protocol=58 | dir=in | app=system |
"{75DC759F-8ED2-43CA-A756-5C1DD1DAFB0A}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\the secret world\clientpatcher.exe |
"{76AEA0C1-E4FE-4420-A695-8AC8EE0385E8}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\sniper elite v2\bin\sniperelitev2.exe |
"{7D674F38-E494-4CFD-ADE5-8C97F92F757E}" = protocol=6 | dir=in | app=c:\nein_\programs\vent\ventrilo.exe |
"{7DF973FD-5F34-47F3-8E8E-213E7159C5C8}" = protocol=17 | dir=in | app=c:\nein_\programs\vent\ventrilo.exe |
"{7F0F5FAF-9213-466A-828D-2F761CFF7406}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\counter-strike go - intro trailer\smp.exe |
"{83222987-0B70-4848-8D90-B4B2375D4A26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{849D7F8C-7A3C-4BA0-86D2-AF8CA4438C1C}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\day of defeat\hl.exe |
"{853238CF-C68F-491F-9046-7CC86B9393B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{87743B02-065A-400A-B62D-BC4F372E88B8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{883F3FD1-22F3-4A22-B27A-26A9F3362051}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\payday the heist\payday_win32_release.exe |
"{890F3846-62C1-4D5F-855C-F5AE1F072E4E}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\nein_\day of defeat\hl.exe |
"{8A495132-1483-41A0-AF74-BA7CD0E572E8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8BC989E5-3449-49F1-8EB7-5476F195EE75}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\day of defeat\hl.exe |
"{8BCA8846-D5A7-4431-9463-E8238B95CCF2}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steam.exe |
"{8E24B293-F438-40D9-84FA-7034AF3CCCCD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{90AD94B6-DA6C-4CB0-9A1C-87FFEE0DA4C8}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\nein_\day of defeat\hl.exe |
"{91A2899B-08B4-4446-B5EE-8339BDE3F9A7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{92E24F68-99F8-4762-8D99-3DBD20B173B1}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"{93BE84B7-897B-4E16-B611-924914ABA130}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\portal 2\portal2.exe |
"{9688AF3A-D82F-49BB-9D0B-5DA93ACEE551}" = protocol=17 | dir=in | app=c:\users\nein_\appdata\local\apps\2.0\gc1zrcax.hyk\72lchke1.l7k\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b1384d1fffca2c\curseclient.exe |
"{9BA95D74-D27A-46D3-99E1-86714428ACE5}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\counter-strike go - intro trailer\smp.exe |
"{9C6DD37A-E1F5-413B-87A0-9011FE3826F3}" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base19679\sc2.exe |
"{A2371765-F7C9-400B-A25B-9FA6EF7107BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A71A6A0A-A3FA-4B1A-BFA6-7387DADD9B01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{A786796C-BCA7-4416-80F2-999092FB6E74}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA578A2D-E909-4883-9F2A-5AB79ECCA666}" = protocol=6 | dir=in | app=c:\nein_\programs\tunngle\tunngle.exe |
"{AD6B9CFE-EDA7-41B4-9F5C-4E1155BEC439}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{B18B32F1-06B8-4A75-9035-04B7A12E6ED1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B1C6A623-DA1B-4684-BA96-395EEF3BFD66}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B2C38D9C-63BF-4EBC-B6D6-4F4D65E8F037}" = protocol=17 | dir=in | app=c:\nein_\games\world of warcraft\launcher.patch.exe |
"{B4762933-957B-4ED5-BAB7-4A72BFE4DA4B}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{B500C176-A21C-4858-866D-93B393A4FEB8}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\the witcher 2\launcher.exe |
"{BB6EE34A-A0CB-4417-9352-2B677B3107F7}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2\arma2.exe |
"{BD1269AF-6162-4FD4-B5D3-DB8A79550725}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steam.exe |
"{BDA3B7F5-B91F-44BF-88EA-7321AA978466}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\dota 2 beta\dota.exe |
"{BFE5728E-3E49-4B25-97C8-010C7B8AE836}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{C352A76E-640A-46D1-9D5B-E0D466F59D02}" = protocol=6 | dir=in | app=c:\nein_\games\world of warcraft\launcher.patch.exe |
"{C3CE92AA-2B55-4F12-96E2-E35EF78A94E8}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{C4089286-EC21-484D-ADF6-B1ACB659A2E3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{C6115860-C51F-496F-BBBF-D9BA5C86E734}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{C6503FF2-96D9-48AA-8F03-513EA78497F8}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C6EE2128-D054-4F69-B828-4C0C5DB5F30A}" = protocol=17 | dir=in | app=c:\nein_\programs\bitlord 2\bitlord files\bitlord.exe |
"{C8F73F1C-B196-4ADD-9760-2F2A53249D0A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9F54FA6-78F7-4598-867A-FFEAA4ECA97D}" = protocol=6 | dir=in | app=c:\nein_\games\diablo iii\diablo iii beta\diablo iii.exe |
"{CA916DF6-F85C-4C43-9D3A-1A111254980D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF0C0259-105C-4CF3-8637-F433498D4A5E}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{D33DA1D4-69A8-4018-97FE-B2F1FCD8D5AF}" = dir=in | app=c:\nein_\programs\itunes\itunes.exe |
"{D410018C-0480-45D0-B88F-F10638E9F61C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D73899D1-4192-4E78-A95C-6CBBA9E09C34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA662493-8298-475D-85C0-97505E79C01C}" = protocol=17 | dir=in | app=c:\nein_\programs\tunngle\tunngle.exe |
"{DB39BC90-170E-4930-A903-2137DEC91B17}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\the secret world\clientpatcher.exe |
"{DC0139B2-5182-442E-8967-20D0B538D079}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\magicka\magicka.exe |
"{DCAE6FAF-BF27-4EDB-9601-2D1831D7E448}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\the witcher 2\launcher.exe |
"{DFF091C4-EFFE-4AA6-B9B8-DE1847EE2CF8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DFF1670F-BCE5-4905-BC21-A7A6890D2347}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{E3EBDC0F-2374-44F5-B7FC-0E5B507ABCDD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E53A0ACE-F9AA-487B-800B-C3F08E386265}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\alan wake\alanwake.exe |
"{E5AF6D1A-65AE-4892-B53A-0B1299BC3148}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E86D5871-546D-4EE0-8392-45883173CCE7}" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\crusader kings ii\ck2game.exe |
"{F1137F2B-D63D-4C35-A2B8-92C27214878F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{F260E5FA-3047-48E7-8273-3933B36F35ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F4622DC0-9B0C-4BB4-A05A-F0D9416FB294}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F47DD31B-5468-4AAD-9486-173219D36944}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\super street fighter iv - arcade edition\ssfiv.exe |
"{F8A287A2-C9E9-48BC-8502-2B8B676E3F92}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.516\agent.exe |
"{FA33866B-C3BD-4410-B07B-1B54113B4345}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\gemini rue\reslists\gemini rue.exe |
"{FA81EB5C-0136-487C-ABFC-38406D7F67D4}" = protocol=6 | dir=in | app=c:\nein_\programs\tunngle\tnglctrl.exe |
"{FB217C61-3EF9-4980-95DF-24DD825155DB}" = protocol=6 | dir=out | app=system |
"{FCAEE1DD-FA5A-458E-93DE-9D69582EC1FA}" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{FEBCA6D0-800E-4EA4-95F5-D319DA1A5114}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{16675082-CB37-4912-BCEA-871FD76A206C}C:\nein_\games\europa\eu3game.exe" = protocol=6 | dir=in | app=c:\nein_\games\europa\eu3game.exe |
"TCP Query User{21439AED-7256-4DBB-B96F-1833DBDF9FBF}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{2F44FEEF-EF27-41CC-B262-88F0F4567D6A}C:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{32442C7B-65F8-44AE-8364-D69418563DF5}C:\nein_\games\tribes\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\nein_\games\tribes\games\tribes alpha\binaries\win32\tribesascend.exe |
"TCP Query User{3E22472D-90A7-433E-9750-619F161ABFD9}C:\nein_\games\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\nein_\games\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{66A8DB01-D008-4E41-94DE-289965A0BFD4}C:\nein_\games\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{77EB0393-1836-4F98-90B0-5D26E6CB3DAE}C:\nein_\games\steam\steamapps\bobbert009\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\counter-strike source\hl2.exe |
"TCP Query User{8CEAE833-A03A-43EB-BBCD-A36D05E58743}C:\nein_\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\nein_\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{95D7E646-3A13-4850-A17C-E05694E05F27}C:\nein_\games\diablo ii\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\nein_\games\diablo ii\diablo ii\game.exe |
"TCP Query User{A0DB9012-47DF-4677-AB23-E37A90DDCB7D}C:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{A46CF418-2F3C-4E50-A7C0-A59EE6211783}C:\nein_\games\steam\steamapps\bobbert009\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\source sdk base 2007\hl2.exe |
"TCP Query User{B196093A-94FA-4E27-A8CF-2811270F57C4}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{BCCD305C-46E9-4977-91AF-E223CCF3C5FB}C:\nein_\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\nein_\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{BF5C43CD-50D8-4D6F-80E4-7486A50E00A2}C:\nein_\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{C88BF533-30E7-4D8D-9AD7-A56B70479B98}C:\nein_\programs\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\nein_\programs\real alternative\media player classic\mplayerc.exe |
"TCP Query User{CC2CDED4-6459-4B51-9DD8-DFB7AF13F1C6}C:\nein_\games\steam\steamapps\bobbert009\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\team fortress 2\hl2.exe |
"TCP Query User{DACD2866-ADB8-4D7E-A212-44B08FD08DCD}C:\nein_\programs\budget\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\nein_\programs\budget\jre\bin\javaw.exe |
"TCP Query User{EFAAFA69-F5F4-4EF5-8B7E-A84E7F75F8FB}C:\nein_\programs\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\nein_\programs\bittornado\btdownloadgui.exe |
"TCP Query User{F3CE4357-4FBC-41D9-9C8F-F8849A39F719}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"UDP Query User{048EDA1B-52E7-4551-A8F8-487927BAF8DD}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{0BB59693-AB13-44AD-B42C-933F14BD0299}C:\nein_\games\tribes\games\tribes alpha\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\nein_\games\tribes\games\tribes alpha\binaries\win32\tribesascend.exe |
"UDP Query User{2DD024E2-C82F-41F6-9C5B-9472199CB79E}C:\nein_\games\europa\eu3game.exe" = protocol=17 | dir=in | app=c:\nein_\games\europa\eu3game.exe |
"UDP Query User{371723E3-82ED-4966-82F3-7DDB0DAE1468}C:\nein_\programs\budget\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\nein_\programs\budget\jre\bin\javaw.exe |
"UDP Query User{3E47561D-3433-4A9F-8D9C-C29AD178DE94}C:\nein_\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\nein_\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{5B37126B-EBDA-44AF-9BB6-74603A7CCDAE}C:\nein_\programs\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\nein_\programs\bittornado\btdownloadgui.exe |
"UDP Query User{6A088017-307C-4EBA-92F6-2777ECAB78B5}C:\nein_\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{750354AF-A8E8-4612-8F89-A2AE8A9BD631}C:\nein_\games\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{755DA486-A56C-4E52-A3F4-6017F2B389C9}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{780E4FD5-FF25-4F38-82D5-322F6BF6EED4}C:\nein_\games\star wars-the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\nein_\games\star wars-the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{7CC3A633-F756-499F-9AF7-ADE12C24D830}C:\nein_\games\steam\steamapps\bobbert009\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\counter-strike source\hl2.exe |
"UDP Query User{8188A818-5AF3-411F-8801-C106E52064ED}C:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{89987B9B-77A7-4619-B9EA-701F0A7837F4}C:\nein_\games\diablo ii\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\nein_\games\diablo ii\diablo ii\game.exe |
"UDP Query User{9A6DCFA8-1303-4494-8AE6-B62DA6E33404}C:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{9F3F9E7E-4F89-4921-8424-60302849AE48}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"UDP Query User{C38CD9A0-78E3-4EA9-A033-001C6DB69793}C:\nein_\games\steam\steamapps\bobbert009\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\team fortress 2\hl2.exe |
"UDP Query User{DA02E80F-E5AC-42EC-B0AE-DF180E7F5A7F}C:\nein_\games\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\nein_\games\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{E52EFBDA-CD23-43B3-858C-5DD2580445A8}C:\nein_\programs\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\nein_\programs\real alternative\media player classic\mplayerc.exe |
"UDP Query User{EC8ED360-4D66-48B8-816F-51DC7D13BABD}C:\nein_\games\steam\steamapps\bobbert009\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\nein_\games\steam\steamapps\bobbert009\source sdk base 2007\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SteelSeries Engine" = SteelSeries Engine

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite Closed Beta
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{77E57197-30EC-444F-B1B8-A99AA2A45794}" = SteelSeries Xai Laser Mouse
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{81F1814D-8658-72CC-D370-A08E1014EF03}" = Pandora
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{894084B6-BC69-43B7-BF06-B93AECFEA520}" = GameSpy Comrade
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.7
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC2F8B30-0236-486D-A549-30BD50086BAB}" = XSplit
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DKink-126.002" = thriXXX 3DKink-126.002
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BitLord" = BitLord 2.0
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Desura" = Desura
"Desura_18631568130064" = Desura: Project Reality: Battlefield 2
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Divine Wind_is1" = Divine Wind version 5.1
"DivX Setup" = DivX Setup
"Dxtory2.0_is1" = Dxtory 2.0.108
"INsanes HUD and GUI" = INsanes HUD and GUI 9
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MiPony" = MiPony 1.5.2
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PlugY, The Survival Kit" = PlugY, The Survival Kit
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"RealAlt_is1" = Real Alternative 2.0.2
"Rockstar Games Social Club" = Rockstar Games Social Club
"Saints Row The Third_is1" = Saints Row The Third
"ShiftWindow_is1" = ShiftWindow 1.02
"StarCraft II" = StarCraft II
"Steam App 203770" = Crusader Kings II
"Steam App 204100" = Max Payne 3
"Steam App 207610" = The Walking Dead
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 211" = Source SDK
"Steam App 215280" = The Secret World
"Steam App 218" = Source SDK Base 2007
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 45760" = Super Street Fighter IV: Arcade Edition
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 63380" = Sniper Elite V2
"Steam App 65800" = Dungeon Defenders
"Steam App 80310" = Gemini Rue
"SumatraPDF" = SumatraPDF
"Tunngle beta_is1" = Tunngle beta
"VirtualCloneDrive" = VirtualCloneDrive
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3147556220-2770450483-2963924412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Flux" = F.lux
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2012 11:50:42 PM | Computer Name = Nein_-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/10/2012 2:13:48 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/10/2012 2:16:10 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/11/2012 8:01:04 PM | Computer Name = Nein_-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 3:30:30 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/12/2012 3:33:34 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 8/12/2012 9:12:52 PM | Computer Name = Nein_-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0,
time stamp: 0x501ca647 Faulting module name: TheSecretWorldDX11.exe, version: 1.0.0.0,
time stamp: 0x501ca647 Exception code: 0xc0000005 Fault offset: 0x004a1823 Faulting
process id: 0x17e4 Faulting application start time: 0x01cd78d379962cd0 Faulting application
path: C:\Nein_\Games\Steam\steamapps\common\The Secret World\TheSecretWorldDX11.exe
Faulting
module path: C:\Nein_\Games\Steam\steamapps\common\The Secret World\TheSecretWorldDX11.exe
Report
Id: 00fcf600-e4e4-11e1-9a2e-001e4fa1c7be

Error - 8/13/2012 12:51:21 AM | Computer Name = Nein_-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TheSecretWorldDX11.exe, version: 1.0.0.0,
time stamp: 0x501ca647 Faulting module name: Awesomium.dll, version: 1.6.0.4, time
stamp: 0x4ff49ee4 Exception code: 0x80000003 Fault offset: 0x005eaac0 Faulting process
id: 0x1114 Faulting application start time: 0x01cd79011104d530 Faulting application
path: C:\Nein_\Games\Steam\steamapps\common\The Secret World\TheSecretWorldDX11.exe
Faulting
module path: C:\Nein_\Games\Steam\steamapps\common\The Secret World\Awesomium.dll
Report
Id: 862a9b20-e502-11e1-9a2e-001e4fa1c7be

Error - 8/13/2012 2:17:30 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/13/2012 2:20:07 AM | Computer Name = Nein_-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\Nein_\Programs\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 7/31/2012 5:38:39 PM | Computer Name = Nein_-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/31/2012 5:39:57 PM | Computer Name = Nein_-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 7/31/2012 5:41:04 PM | Computer Name = Nein_-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/31/2012 5:42:49 PM | Computer Name = Nein_-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 8/5/2012 9:07:49 PM | Computer Name = Nein_-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 8/5/2012 9:07:49 PM | Computer Name = Nein_-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 8/9/2012 11:49:50 PM | Computer Name = Nein_-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:48:21 PM on ?8/?9/?2012 was unexpected.

Error - 8/9/2012 11:50:59 PM | Computer Name = Nein_-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 8/13/2012 12:32:42 PM | Computer Name = Nein_-PC | Source = bowser | ID = 8003
Description =

Error - 8/13/2012 1:20:39 PM | Computer Name = Nein_-PC | Source = bowser | ID = 8003
Description =


< End of report >

#9 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:49 AM

Posted 14 August 2012 - 08:47 AM

Are you redirected in only one browser, or multiple browsers?

Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Win 7: right-click it and select Run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

Edited by jntkwx, 14 August 2012 - 08:51 AM.

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#10 Tony Nein_

Tony Nein_
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:49 AM

Posted 14 August 2012 - 10:19 AM

When attempting to run that program, I got a BSOD twice. Currently trying to run in Safe Mode. I normally use Google Chrome for my browser, but when I loaded up IE I get the redirect problem in that browser as well.

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:49 AM

Posted 14 August 2012 - 10:26 AM

OK, if Safe Mode doesn't work, there are a couple of other options we can try.
Regards,
Jason



#12 Tony Nein_

Tony Nein_
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:49 AM

Posted 14 August 2012 - 10:29 AM

Got a BSOD in safe mode as well. Image included.

http://puu.sh/Vf6z

#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:49 AM

Posted 15 August 2012 - 08:12 PM

Please create this bootable CD.

  • Save these files to your Desktop
  • Open BurnCDCC and Extract All files to its own folder
  • Double Click BurnCDCC
  • Click Browse and navigate to the Puppy Linux ISO file you just downloaded
  • click on it and click Open
  • IMPORTANT: Adjust the speed bar to CD: 4x DVD: 1x
  • Click Start
  • Your CD Burner Tray will open automatically
  • Insert a blank CD and close the tray
  • Click OK
The CD should eject when finished.

Download and save pldumpit.exe to your USB device.

To use the CD

  • Insert the CD and restart the computer
  • When the computer first starts, please press the key indicated on the screen to enter the BIOS or setup.
  • Make the necessary changes to make the CD first in the boot order
  • Save the changes and exit the BIOS/setup
  • Your computer will restart and boot from the Puppy Linux Live CD
You can save these instructions to a notepad on your USB device. Once you have mounted the drives you should be able to view them by clicking on them.

  • Set your language, time, etc. preferences and continue
  • Click the Mount Icon located at the top left of your desktop (should be 3rd from the left top row)
  • A Window will open, click mount for each drive listed
  • If you have a USB flash drive connected it is usually mounted automatically upon boot, but click the "usbdrv" tab and make sure it is mounted.

In the lower left you will see some icons with a green light on them. Click on the one that represents your USB device.
  • locate pldumpit.exe
  • right click it and select rename
  • please remove only the .exe from the file path
  • click rename
  • click on pldumpit
  • a window will open; please hit Enter when told to, to close the window
  • there should now be a file named mbr.zip in the list of files
  • close all windows
  • click menu
  • highlight shutdown
  • click reboot
  • use the arrow key to select Do not save
  • hit enter
  • remove the CD before the computer restarts and allow the computer to boot


Please attach MBR.zip to your next reply.
Regards,
Jason



#14 Tony Nein_

Tony Nein_
  • Topic Starter

  • Members
  • 19 posts
  • Local time:10:49 AM

Posted 16 August 2012 - 07:09 PM

Am away from my desktop until tomorrow afternoon, will attempt then.

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:10:49 AM

Posted 16 August 2012 - 07:10 PM

Sounds good, thanks for letting me know. :thumbup2:
Regards,
Jason
