
Webhp redirect/privitize.com


10 replies to this topic

#1 panda411


Posted 01 April 2013 - 10:59 PM

When I load my homepage in Firefox, the classic Firefox homepage redirects to www.google.com/webhp. The Google search bar in the right-hand corner has also been changed to a privitize.com search bar. I removed privitize under the Control Panel, but I am still being redirected to google.com/webhp. My antivirus is not finding any problems.

 

I downloaded GMER, ran a quick scan, and have posted the results below. I don't know what they mean or what to do from here.

 

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-04-01 23:35:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5065GSX rev.GJ002D 465.76GB
Running: ftdwukxe.exe; Driver: C:\Users\Colin\AppData\Local\Temp\agloqpod.sys


.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA                           0000000074be1590 5 bytes JMP 00000001001c0170
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\ole32.dll!OleSetClipboard                                        0000000074e40045 5 bytes JMP 00000001001e0030
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard                                  0000000074e436b2 5 bytes JMP 00000001001e0070
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\ole32.dll!OleGetClipboard                                        0000000074e6fdcd 5 bytes JMP 00000001001e00b0
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              0000000077131465 2 bytes [13, 77]
.text   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe[1628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000771314bb 2 bytes [13, 77]
.text   ...                                                                                                                                                              * 2

---- Threads - GMER 2.1 ----

Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1748]                                                                          00000000771b2e25
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1828]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1832]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1836]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1840]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1844]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1872]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1876]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1916]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1920]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1924]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:2032]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:2036]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:2040]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:2044]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1076]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1104]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1124]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:436]                                                                           00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1116]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1148]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1204]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1232]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1312]                                                                          00000000771b3e45
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1300]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1068]                                                                          0000000073271c2f
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1316]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1328]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1308]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1304]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1256]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1264]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1268]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1252]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1248]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1240]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:1108]                                                                          00000000734929e1
Thread  c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [1720:2288]                                                                          00000000771b3e45

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{47B3EB51-7607-4164-B6F6-0C70EC6F802C}\Connection@Name                      isatap.{60235ADA-C853-4AE5-9315-F86152B0424A}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                         \Device\{47B3EB51-7607-4164-B6F6-0C70EC6F802C}?\Device\{B8387F9B-E233-4C9C-AFF0-DC15EB37AB7B}?\Device\{A0F21EEF-5B31-4862-84EC-F90591E55098}?\Device\{C3C5C471-DBC0-41D3-AA5A-5A04D0479785}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                        "{47B3EB51-7607-4164-B6F6-0C70EC6F802C}"?"{B8387F9B-E233-4C9C-AFF0-DC15EB37AB7B}"?"{A0F21EEF-5B31-4862-84EC-F90591E55098}"?"{C3C5C471-DBC0-41D3-AA5A-5A04D0479785}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                       \Device\TCPIP6TUNNEL_{47B3EB51-7607-4164-B6F6-0C70EC6F802C}?\Device\TCPIP6TUNNEL_{B8387F9B-E233-4C9C-AFF0-DC15EB37AB7B}?\Device\TCPIP6TUNNEL_{A0F21EEF-5B31-4862-84EC-F90591E55098}?\Device\TCPIP6TUNNEL_{C3C5C471-DBC0-41D3-AA5A-5A04D0479785}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{47B3EB51-7607-4164-B6F6-0C70EC6F802C}@InterfaceName                                           isatap.{60235ADA-C853-4AE5-9315-F86152B0424A}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{47B3EB51-7607-4164-B6F6-0C70EC6F802C}@ReusableType                                            0
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Colin\AppData\Local\Temp\JREInstall\x3031\x3239.exe  1

---- EOF - GMER 2.1 ----
 


Edited by Orange Blossom, 01 April 2013 - 11:29 PM.
Moved from XP to AII. ~ OB



 


#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 02 April 2013 - 05:52 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg
  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    esetsmartinstaller_enu.png

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 



#3 panda411

  • Topic Starter
  • Members
  • 6 posts

Posted 02 April 2013 - 09:57 AM

TDS Killer Log:

 

No threats Found

 

RKILL Log:

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/02/2013 09:22:33 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 04/02/2013 09:22:39 AM
Execution time: 0 hours(s), 0 minute(s), and 6 seconds(s)
 

ESET Log:

 

C:\Users\All Users\MaGnaiPic\515a50a67ceb8.dll    a variant of Win32/Adware.MultiPlug.I application    
C:\Program Files (x86)\MagniPic\sprotector.dll    a variant of Win32/SProtector.A application    cleaned by deleting - quarantined
C:\ProgramData\MaGnaiPic\515a50a67ceb8.dll    a variant of Win32/Adware.MultiPlug.I application    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Extensions\glohpglhjedbeifpalcepicmfoinpajl\1\515a50a67cc716.58939168.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIGWMBWM\prvtzd_dup[1].exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDYVUFU1\515a50a69551b[1].exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XDYVUFU1\pvtzd_agent_setup[1].exe    Win32/GenUpdater application    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Local\Temp\APNStub.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\pd4hjq6s.default\extensions\xrpijl@yyoyu.edu\content\bg.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Users\Colin\Downloads\DownloadManager_Setup.exe    Win32/Adware.iBryte application    cleaned by deleting - quarantined
 

Junkware log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.9 (04.01.2013:1)
OS: Windows 7 Home Premium x64
Ran by Colin on Tue 04/02/2013 at  9:25:26.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\startsearch
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\sprotector
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sp global
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\sprotector
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\clsoft ltd"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Failed to delete: [Folder] "C:\Program Files (x86)\magnipic"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Colin\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\pd4hjq6s.default\user.js
Successfully deleted: [File] C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\pd4hjq6s.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\pd4hjq6s.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\pd4hjq6s.default\prefs.js

user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.search.check", false);
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=be48008700000000000064d4da00d9b3");
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.id", "be48008700000000000064d4da00d9b3");
user_pref("extensions.privitize.instlDay", "15797");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=be48008700000000000064d4da00d9b3");
user_pref("extensions.privitize.lastB", "hxxp://searchou.com/?id=be48008700000000000064d4da00d9b3");
user_pref("extensions.privitize.lastVrsnTs", "1.8.16.2222:53:57");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=be48008700000000000064d4da00d9b3");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=be48008700000000000064d4da00d9b3&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.2222:53:57");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");
Emptied folder: C:\Users\Colin\AppData\Roaming\mozilla\firefox\profiles\pd4hjq6s.default\minidumps [103 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/02/2013 at  9:32:39.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 narenxp

  • BC Advisor
  • 16,371 posts

Posted 02 April 2013 - 09:22 PM

Malwarebytes

Please download Malwarebytes Anti-Malware and save it to your desktop. If you already have it installed launch the program and update the database.

  • Make sure you are connected to the Internet and double-click on it to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

Farbar's MiniToolBox
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the MiniToolBox.jpg icon to launch the program
  • Make sure the following options are checked:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply

===================================================

Farbar's Service Scanner

Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===================================================

AdwCleaner by Xplode - Search for Adware
  • Please download AdwCleaner by Xplode onto your desktop.
  • Security software may flag it as malicious. This is a false positive and can be ignored.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • Click YES if you receive a warning for reboot
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well

===================================================

Autoruns
 
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply



Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Autoruns log


 



#5 panda411

  • Topic Starter
  • Members
  • 6 posts

Posted 03 April 2013 - 08:41 PM

Malwarebytes

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
-------- [administrator]

4/3/2013 9:07:14 PM
mbam-log-2013-04-03 (21-07-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212723
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Mini Tool Box

 

MiniToolBox by Farbar  Version:05-03-2013
Ran by ---- (administrator) on 03-04-2013 at 21:18:32
Running from "C:\Users\----\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Colin-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : brandeis.edu

Ethernet adapter Local Area Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
   Physical Address. . . . . . . . . : 64-D4-DA-00-D9-B3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 00-23-15-1C-18-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-23-15-1C-18-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : brandeis.edu
   Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
   Physical Address. . . . . . . . . : 00-23-15-1C-18-E4
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b030:b08f:30a4:d975%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 129.64.214.90(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, April 03, 2013 8:39:18 PM
   Lease Expires . . . . . . . . . . : Wednesday, April 03, 2013 11:14:26 PM
   Default Gateway . . . . . . . . . : 129.64.214.1
   DHCP Server . . . . . . . . . . . : 129.64.101.105
   DHCPv6 IAID . . . . . . . . . . . : 318776085
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-87-E8-00-A4-BA-DB-C4-34-71
   DNS Servers . . . . . . . . . . . : 129.64.99.205
                                       129.64.100.205
   Primary WINS Server . . . . . . . : 129.64.100.171
   Secondary WINS Server . . . . . . : 129.64.100.58
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{132189FC-1536-49E8-8911-B93A188E7043}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2EEF9B7C-4CC9-4A0D-81A7-B3DC90EC0369}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{60235ADA-C853-4AE5-9315-F86152B0424A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.brandeis.edu:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : brandeis.edu
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . : brandeis.edu
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:8140:d65a::8140:d65a(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 129.64.99.205
                                       129.64.100.205
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  ns1.brandeis.edu
Address:  129.64.99.205

Name:    google.com
Addresses:  2607:f8b0:4006:803::1001
      74.125.226.227
      74.125.226.231
      74.125.226.224
      74.125.226.225
      74.125.226.233
      74.125.226.238
      74.125.226.229
      74.125.226.232
      74.125.226.228
      74.125.226.226
      74.125.226.230


Pinging google.com [74.125.226.231] with 32 bytes of data:
Reply from 74.125.226.231: bytes=32 time=15ms TTL=50
Reply from 74.125.226.231: bytes=32 time=15ms TTL=50

Ping statistics for 74.125.226.231:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server:  ns1.brandeis.edu
Address:  129.64.99.205

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=447ms TTL=46
Reply from 98.139.183.24: bytes=32 time=682ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 447ms, Maximum = 682ms, Average = 564ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...64 d4 da 00 d9 b3 ......Intel® Centrino® WiMAX 6250
 14...00 23 15 1c 18 e5 ......Microsoft Virtual WiFi Miniport Adapter #2
 13...00 23 15 1c 18 e5 ......Microsoft Virtual WiFi Miniport Adapter
 12...00 23 15 1c 18 e4 ......Intel® Centrino® Advanced-N 6250 AGN
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 19...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     129.64.214.1    129.64.214.90     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     129.64.214.0    255.255.255.0         On-link     129.64.214.90    276
    129.64.214.90  255.255.255.255         On-link     129.64.214.90    276
   129.64.214.255  255.255.255.255         On-link     129.64.214.90    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     129.64.214.90    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     129.64.214.90    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 19   1020 2002::/16                On-link
 19    276 2002:8140:d65a::8140:d65a/128
                                    On-link
 12    276 fe80::/64                On-link
 12    276 fe80::b030:b08f:30a4:d975/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/03/2013 08:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/03/2013 08:46:06 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/03/2013 08:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/03/2013 08:40:39 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (04/03/2013 08:38:43 PM) (Source: MSSQL$CSSQL05) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (04/03/2013 08:38:43 PM) (Source: MSSQL$CSSQL05) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (04/03/2013 05:04:27 PM) (Source: MSSQL$CSSQL05) (User: )
Description: Performance counter shared memory setup failed with error -1. Reinstall sqlctr.ini for this instance, and ensure that the instance login account has correct registry permissions.

Error: (04/03/2013 05:04:27 PM) (Source: MSSQL$CSSQL05) (User: )
Description: Error in mapping SQL Server performance object/counter indexes to object/counter names. SQL Server performance counters are disabled.

Error: (04/03/2013 02:21:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (04/03/2013 02:21:29 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.


System errors:
=============
Error: (04/03/2013 08:38:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:51:33 PM on ?4/?3/?2013 was unexpected.

Error: (04/03/2013 05:04:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:48:36 PM on ?4/?3/?2013 was unexpected.

Error: (04/03/2013 02:13:49 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:44:39 PM on ?4/?3/?2013 was unexpected.

Error: (04/03/2013 00:01:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:04:08 AM on ?4/?3/?2013 was unexpected.

Error: (04/02/2013 07:11:38 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:47:08 PM on ?4/?2/?2013 was unexpected.

Error: (04/02/2013 03:25:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:22:10 PM on ?4/?2/?2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (04/03/2013 08:46:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/03/2013 08:46:06 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/03/2013 08:40:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/03/2013 08:40:39 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (04/03/2013 08:38:43 PM) (Source: MSSQL$CSSQL05)(User: )
Description: -1

Error: (04/03/2013 08:38:43 PM) (Source: MSSQL$CSSQL05)(User: )
Description:

Error: (04/03/2013 05:04:27 PM) (Source: MSSQL$CSSQL05)(User: )
Description: -1

Error: (04/03/2013 05:04:27 PM) (Source: MSSQL$CSSQL05)(User: )
Description:

Error: (04/03/2013 02:21:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (04/03/2013 02:21:29 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000


=========================== Installed Programs ============================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Ask Toolbar (Version: 1.15.14.0)
Ask Toolbar Updater (Version: 1.2.3.29495)
CambridgeSoft Activation Client (Version: 12.0)
CambridgeSoft BioAssay 12.0 (Version: 12.0)
CambridgeSoft ChemBioOffice Ultra 2010 (Version: 12.0)
CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0 (Version: 12.0)
CambridgeSoft ChemScript 12.0 (Version: 12.0)
CambridgeSoft Desktop Inventory 12.0 (Version: 12.0)
CambridgeSoft ENotebook 12.02 (Version: 12.0.2)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
HP Deskjet 1050 J410 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66)
HP Deskjet 1050 J410 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software (Version: 13.02.0000)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
JavaFX 2.1.1 (Version: 2.1.1)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
McAfee Security Scan Plus (Version: 3.0.318.3)
MestReNova LITE 5.2.5-5780 (Version: 5.2.5-5780)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (CSSQL05) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Mozilla Firefox 19.0.2 (x86 en-US) (Version: 19.0.2)
Mozilla Maintenance Service (Version: 19.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Notepad++ (Version: 5.9.8)
Python 2.5 (Version: 2.5.150)
Scratch (Version: 1.4.0.0)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Skype Click to Call (Version: 5.8.8855)
Skype™ 6.1 (Version: 6.1.129)
STATISTICA 8.0.725.0 CS (Version: 8.0.725.0)
STATISTICA CambridgeSoft Integration (Version: 1.00.0000)
STATNOVAPDF (novaPDF Professional Server 5.4  printer)
System Requirements Lab for Intel (Version: 4.5.3.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Web Games Player Plugin
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3894.56 MB
Available physical RAM: 2724.07 MB
Total Pagefile: 7787.3 MB
Available Pagefile: 6519.07 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.2 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:414.27 GB) NTFS

========================= Users: ========================================

User accounts for \\------PC

Administrator            ----                    Guest                    


**** End of log ****
 

FSS

 

Farbar Service Scanner Version: 03-03-2013
Ran by ----- (administrator) on 03-04-2013 at 21:23:25
Running from "C:\Users\-----\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

AdwCleaner

 

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 21:26:16
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : --- - ----PC
# Boot Mode : Normal
# Running from : C:\Users\------\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\MagniPic

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\pd4hjq6s.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Colin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2307 octets] - [03/04/2013 21:26:16]

########## EOF - C:\AdwCleaner[S1].txt - [2367 octets] ##########
 

Autoruns

 

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "7/14/2009 12:49 AM"
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "3/16/2013 2:07 AM"
+ "HotKeysCmds"    "hkcmd Module"    "Intel Corporation"    "c:\windows\system32\hkcmd.exe"    "10/21/2011 12:58 PM"
+ "IgfxTray"    "igfxTray Module"    "Intel Corporation"    "c:\windows\system32\igfxtray.exe"    "10/21/2011 12:58 PM"
+ "MSC"    "Microsoft Security Client User Interface"    "Microsoft Corporation"    "c:\program files\microsoft security client\msseces.exe"    "1/25/2013 3:57 AM"
+ "Persistence"    "persistence Module"    "Intel Corporation"    "c:\windows\system32\igfxpers.exe"    "10/21/2011 12:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "4/3/2013 9:27 PM"
+ "Adobe ARM"    "Adobe Reader and Acrobat Manager"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"    "12/3/2012 3:34 AM"
+ "HP Software Update"    "hpwuSchd Application"    "Hewlett-Packard"    "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"    "1/12/2010 4:51 AM"
+ "SunJavaUpdateSched"    "Java™ Update Scheduler"    "Sun Microsystems, Inc."    "c:\program files (x86)\common files\java\java update\jusched.exe"    "7/3/2012 12:04 PM"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"    ""    ""    ""    "2/10/2013 4:28 PM"
+ "McAfee Security Scan Plus.lnk"    "McAfee Security Scanner Scheduler"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\ssscheduler.exe"    "2/5/2013 11:44 AM"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "12/24/2011 3:58 PM"
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "7/13/2009 7:58 PM"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "12/24/2011 3:58 PM"
+ "Internet Explorer"    ""    ""    "File not found: C:\Windows\system32\ie4uinit.exe"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "7/13/2009 7:42 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "2/26/2013 9:25 PM"
+ "Facebook Update"    "Facebook Installer"    "Facebook Inc."    "c:\users\colin\appdata\local\facebook\update\facebookupdate.exe"    "7/6/2012 3:50 PM"
+ "Skype"    "Skype "    "Skype Technologies S.A."    "c:\program files (x86)\skype\phone\skype.exe"    "1/8/2013 8:55 AM"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"    "2/28/2010 5:24 AM"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "1/25/2013 3:57 AM"
+ "Notepad++64"    "ShellHandler for Notepad++ (64 bit)"    ""    "c:\program files (x86)\notepad++\nppshell_04.dll"    "11/8/2010 11:15 AM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "12/14/2012 4:52 PM"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "1/25/2013 3:57 AM"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "7/13/2009 9:32 PM"
+ "igfxcui"    "igfxpph Module"    "Intel Corporation"    "c:\windows\system32\igfxpph.dll"    "10/21/2011 12:58 PM"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/14/2009 12:53 AM"
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"    "7/13/2009 9:09 PM"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers"    ""    ""    ""    "12/27/2011 4:28 PM"
+ "PDF Shell Extension"    "PDF Shell Extension"    "Adobe Systems, Inc."    "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"    "12/18/2012 9:02 AM"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "12/27/2011 4:28 PM"
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"    "12/14/2012 4:52 PM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "12/27/2011 4:28 PM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "12/27/2011 4:28 PM"
+ "WinRAR"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext64.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""    "12/27/2011 4:28 PM"
+ "WinRAR32"    "WinRAR shell extension"    "Alexander Roshal"    "c:\program files (x86)\winrar\rarext.dll"    "6/9/2012 9:20 AM"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "12/29/2011 1:05 PM"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\urlredir.dll"    "12/20/2010 11:48 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "4/3/2013 9:27 PM"
+ "Adobe PDF Link Helper"    "Adobe PDF Helper for Internet Explorer"    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"    "12/18/2012 8:32 AM"
+ "Java™ Plug-In 2 SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"    "2/15/2013 6:46 PM"
+ "Java™ Plug-In SSV Helper"    "Java™ Platform SE binary"    "Oracle Corporation"    "c:\program files (x86)\java\jre7\bin\ssv.dll"    "2/15/2013 6:46 PM"
+ "MaGnaiPic"    ""    ""    "File not found: C:\ProgramData\MaGnaiPic\515a50a67ceb8.dll"    ""
+ "MSS+ Identifier"    "Quick Browser Identifier for MSS+ Tool"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\mcafeemss_ie.dll"    "2/5/2013 11:41 AM"
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\urlredir.dll"    "12/20/2010 9:04 PM"
+ "Skype Browser Helper"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"    "11/29/2011 2:22 AM"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "3/16/2013 2:09 AM"
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"    "12/21/2010 1:56 AM"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office\office14\onbttnie.dll"    "1/18/2012 3:52 AM"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "4/2/2013 9:31 AM"
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"    "12/20/2010 11:05 PM"
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files (x86)\microsoft office\office14\onbttnie.dll"    "1/18/2012 2:20 AM"
+ "Skype Click to Call"    "Skype Click to Call for Internet Explorer"    "Skype Technologies S.A."    "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"    "11/29/2011 2:22 AM"
"Task Scheduler"    ""    ""    ""    ""
+ "\FacebookUpdateTaskUserS-1-5-21-503735860-4052707797-1285997859-1000Core"    "Facebook Installer"    "Facebook Inc."    "c:\users\colin\appdata\local\facebook\update\facebookupdate.exe"    "7/6/2012 3:50 PM"
+ "\FacebookUpdateTaskUserS-1-5-21-503735860-4052707797-1285997859-1000UA"    "Facebook Installer"    "Facebook Inc."    "c:\users\colin\appdata\local\facebook\update\facebookupdate.exe"    "7/6/2012 3:50 PM"
+ "\HPCustParticipation HP Deskjet 1050 J410 series"    "HP Customer Participation."    "Hewlett-Packard Co."    "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe"    "11/17/2010 1:28 AM"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "6/10/2009 4:36 PM"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/13/2009 8:24 PM"
+ "\Scheduled Update for Ask Toolbar"    ""    ""    "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "2/27/2013 4:05 AM"
+ "AdobeARMservice"    "Adobe Acrobat Updater keeps your Adobe software up to date."    "Adobe Systems Incorporated"    "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"    "12/3/2012 3:34 AM"
+ "AdobeFlashPlayerUpdateSvc"    "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes."    "Adobe Systems Incorporated"    "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"    "2/28/2013 10:40 PM"
+ "EvtEng"    "Manages the event trace messages for all the Intel® PROSet/Wireless Software components."    "Intel® Corporation"    "c:\program files\intel\wifi\bin\evteng.exe"    "3/5/2010 1:26 PM"
+ "McComponentHostService"    "McAfee Security Scan Component Host Service"    "McAfee, Inc."    "c:\program files (x86)\mcafee security scan\3.0.318\mcchsvc.exe"    "2/5/2013 11:43 AM"
+ "MozillaMaintenance"    "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled."    "Mozilla Foundation"    "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"    "3/7/2013 8:32 AM"
+ "msftesql$CSSQL05"    "Quickly creates full-text indexes on content and properties of structured and semi-structured data to allow fast linguistic searches on this data."    "Microsoft Corporation"    "c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\msftesql.exe"    "3/26/2010 6:03 AM"
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"    "1/25/2013 3:55 AM"
+ "MSSQL$CSSQL05"    "Provides storage, processing and controlled access of data and rapid transaction processing."    "Microsoft Corporation"    "c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe"    "12/10/2010 6:23 PM"
+ "MyWiFiDHCPDNS"    "Wireless PAN DHCP and DNS Server"    ""    "c:\program files\intel\wifi\bin\pandhcpdns.exe"    "3/5/2010 1:07 PM"
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"    "1/25/2013 3:56 AM"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "1/10/2010 12:16 AM"
+ "osppsvc"    "Office Software Protection Platform Service (unlocalized description)"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"    "8/11/2009 10:00 PM"
+ "RegSrvc"    "Provides registry access to all Intel® PROSet/Wireless Software components"    "Intel® Corporation"    "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"    "3/5/2010 1:06 PM"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"    "1/8/2013 8:55 AM"
+ "SQLBrowser"    "Provides SQL Server connection information to client computers."    "Microsoft Corporation"    "c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe"    "12/10/2010 3:40 PM"
+ "SQLWriter"    "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure."    "Microsoft Corporation"    "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"    "12/10/2010 3:52 PM"
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "7/13/2009 9:29 PM"
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "11/20/2010 7:18 AM"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "2/27/2013 4:05 AM"
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "12/5/2008 7:54 PM"
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "5/1/2007 1:30 PM"
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "2/27/2007 8:04 PM"
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "7/13/2009 7:19 PM"
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "3/18/2010 8:45 PM"
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "3/20/2009 2:36 PM"
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "3/19/2010 12:18 PM"
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "5/24/2007 5:27 PM"
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "1/14/2009 3:27 PM"
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "2/13/2009 6:18 PM"
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "4/26/2009 7:14 AM"
+ "bpenum"    "Intel® Centrino® WiMAX Enumerator"    "Intel Corporation"    "c:\windows\system32\drivers\bpenum.sys"    "9/15/2009 3:44 PM"
+ "bpmp"    "Intel® Centrino® WiMAX Driver"    "Intel Corporation"    "c:\windows\system32\drivers\bpmp.sys"    "9/15/2009 3:45 PM"
+ "bpusb"    "Intel® Centrino® WiMAX Function Driver"    "Intel Corporation"    "c:\windows\system32\drivers\bpusb.sys"    "9/15/2009 3:44 PM"
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "8/6/2006 9:51 PM"
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltup.sys"    "8/6/2006 9:51 PM"
+ "Brserid"    "Brotehr Serial I/F Driver (WDM)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserid.sys"    "8/6/2006 9:51 PM"
+ "BrSerWdm"    "Brother Serial driver (WDM version)"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brserwdm.sys"    "8/6/2006 9:51 PM"
+ "BrUsbMdm"    "Brother USB MDM Driver "    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbmdm.sys"    "8/6/2006 9:51 PM"
+ "BrUsbSer"    "Brother USB Serial Driver"    "Brother Industries Ltd."    "c:\windows\system32\drivers\brusbser.sys"    "8/9/2006 8:11 AM"
+ "cmdide"    "CMD PCI IDE Bus Driver"    "CMD Technology, Inc."    "c:\windows\system32\drivers\cmdide.sys"    "7/13/2009 7:19 PM"
+ "ebdrv"    "Broadcom NetXtreme II 10 GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\evbda.sys"    "12/31/2008 12:29 PM"
+ "elxstor"    "Storport Miniport Driver for LightPulse HBAs"    "Emulex"    "c:\windows\system32\drivers\elxstor.sys"    "2/3/2009 6:52 PM"
+ "hcw85cir"    "Hauppauge WinTV 885 Consumer IR Driver for eHome"    "Hauppauge Computer Works, Inc."    "c:\windows\system32\drivers\hcw85cir.sys"    "5/11/2009 4:26 AM"
+ "HECIx64"    "Intel® Management Engine Interface"    "Intel Corporation"    "c:\windows\system32\drivers\hecix64.sys"    "9/17/2009 3:54 PM"
+ "HpSAMD"    "Smart Array SAS/SATA Controller Media Driver"    "Hewlett-Packard Company"    "c:\windows\system32\drivers\hpsamd.sys"    "4/20/2010 2:32 PM"
+ "iaStorV"    "Intel Matrix Storage Manager driver - x64"    "Intel Corporation"    "c:\windows\system32\drivers\iastorv.sys"    "6/10/2010 8:46 PM"
+ "igfx"    "Intel Graphics Kernel Mode Driver"    "Intel Corporation"    "c:\windows\system32\drivers\igdkmd64.sys"    "10/21/2011 1:29 PM"
+ "iirsp"    "Intel/ICP Raid Storport Driver"    "Intel Corp./ICP vortex GmbH"    "c:\windows\system32\drivers\iirsp.sys"    "12/13/2005 5:47 PM"
+ "LSI_FC"    "LSI Fusion-MPT FC Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_fc.sys"    "12/9/2008 6:46 PM"
+ "LSI_SAS"    "LSI Fusion-MPT SAS Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas.sys"    "5/18/2009 8:20 PM"
+ "LSI_SAS2"    "LSI SAS Gen2 Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_sas2.sys"    "5/18/2009 8:31 PM"
+ "LSI_SCSI"    "LSI Fusion-MPT SCSI Driver (StorPort)"    "LSI Corporation"    "c:\windows\system32\drivers\lsi_scsi.sys"    "4/16/2009 6:13 PM"
+ "megasas"    "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64"    "LSI Corporation"    "c:\windows\system32\drivers\megasas.sys"    "5/18/2009 9:09 PM"
+ "MegaSR"    "LSI MegaRAID Software RAID Driver"    "LSI Corporation, Inc."    "c:\windows\system32\drivers\megasr.sys"    "5/18/2009 9:25 PM"
+ "NETw5s64"    "Intel® Wireless WiFi Link Driver"    "Intel Corporation"    "c:\windows\system32\drivers\netw5s64.sys"    "3/18/2010 1:21 AM"
+ "nfrd960"    "IBM ServeRAID Controller Driver"    "IBM Corporation"    "c:\windows\system32\drivers\nfrd960.sys"    "6/6/2006 5:11 PM"
+ "nvraid"    "NVIDIA® nForce™ RAID Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvraid.sys"    "3/19/2010 4:59 PM"
+ "nvstor"    "NVIDIA® nForce™ Sata Performance Driver"    "NVIDIA Corporation"    "c:\windows\system32\drivers\nvstor.sys"    "3/19/2010 4:45 PM"
+ "ql2300"    "QLogic Fibre Channel Stor Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql2300.sys"    "1/22/2009 7:05 PM"
+ "ql40xx"    "QLogic iSCSI Storport Miniport Driver"    "QLogic Corporation"    "c:\windows\system32\drivers\ql40xx.sys"    "5/18/2009 9:18 PM"
+ "RTL8167"    "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver                "    "Realtek                                            "    "c:\windows\system32\drivers\rt64win7.sys"    "6/10/2011 2:33 AM"
+ "secdrv"    "Macrovision SECURITY Driver"    "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K."    "c:\windows\system32\drivers\secdrv.sys"    "9/13/2006 9:18 AM"
+ "SiSRaid2"    "SiS RAID Stor Miniport Driver"    "Silicon Integrated Systems Corp."    "c:\windows\system32\drivers\sisraid2.sys"    "9/24/2008 2:28 PM"
+ "SiSRaid4"    "SiS AHCI Stor-Miniport Driver"    "Silicon Integrated Systems"    "c:\windows\system32\drivers\sisraid4.sys"    "10/1/2008 5:56 PM"
+ "stexstor"    "Promise  SuperTrak EX Series Driver for Windows "    "Promise Technology"    "c:\windows\system32\drivers\stexstor.sys"    "2/17/2009 7:03 PM"
+ "viaide"    "VIA Generic PCI IDE Bus Driver"    "VIA Technologies, Inc."    "c:\windows\system32\drivers\viaide.sys"    "7/13/2009 7:19 PM"
+ "vsmraid"    "VIA RAID DRIVER FOR AMD-X86-64"    "VIA Technologies Inc.,Ltd"    "c:\windows\system32\drivers\vsmraid.sys"    "1/30/2009 9:18 PM"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "2/13/2013 6:16 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"    "7/13/2009 9:28 PM"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""    "4/3/2013 9:27 PM"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\syswow64\l3codeca.acm"    "7/13/2009 9:06 PM"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\syswow64\iccvid.dll"    "11/20/2010 7:59 AM"
+ "vidc.tscc"    "TechSmith Screen Capture Codec"    "TechSmith Corporation"    "c:\windows\syswow64\tsccvid.dll"    "3/5/2001 12:11 PM"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""    "4/3/2013 9:27 PM"
+ "igfxcui"    "igfxdev Module"    "Intel Corporation"    "c:\windows\system32\igfxdev.dll"    "10/21/2011 12:57 PM"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""    "4/3/2013 9:27 PM"
+ "HP 8911 Status Monitor"    "Print Status Language Monitor"    "Hewlett-Packard Co."    "c:\windows\system32\hpinksts8911lm.dll"    "10/7/2010 6:43 AM"
+ "novaPDF Pro Server 5 Monitor"    "novaPDF Port Monitor"    "Softland"    "c:\windows\system32\novamno5.dll"    "3/19/2008 6:58 AM"
 



#6 narenxp


Posted 03 April 2013 - 09:24 PM

Current issues?



#7 panda411


Posted 03 April 2013 - 09:40 PM

Yes, when I load Firefox it still redirects to www.google.com/webhp.

 

The privitize.com toolbar has also not been uninstalled.



#8 panda411


Posted 03 April 2013 - 09:45 PM

http://searchou.com/?id=be48008700000000000064d4da00d9b3

 

I did just notice my homepage was set to the above link. I changed my homepage to www.google.com and it does not redirect to www.google.com/webhp anymore. However, I don't know if the issue has actually been resolved or not.



#9 narenxp


Posted 03 April 2013 - 10:03 PM

Restart the PC and test your browsers.



#10 panda411


Posted 03 April 2013 - 11:20 PM

I restarted and www.google.com is still the homepage! I checked the control panel and nothing from privitize seems to be there; however, the privitize toolbar is still an option in Firefox, so I don't know if the infection is completely gone.



#11 narenxp


Posted 04 April 2013 - 12:29 AM

Try this:

Export your bookmarks from Firefox

http://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

After exporting them

Uninstall Firefox

Make sure to checkmark the "Remove my personal data" option

Reinstall Firefox and import your bookmarks

Let me know if that helps.





