ChinaTV Redirector - Barehare [Closed]

This topic is locked
#1 Barehare (New Member, 1 posts)
Have "ChinaOnTV" redirector virus/malware and scan utilities will not detect & clean (tried Symantec, TDS and OTL).

I see that it creates a tmp file on Desktop called: xlfmsdrwpy.tmp

Ran OTL, here's the log:
OTL logfile created on: 12/12/2011 10:43:08 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\edaniels\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 46.46% Memory free
7.49 Gb Paging File | 5.46 Gb Available in Paging File | 72.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.75 Gb Total Space | 83.20 Gb Free Space | 55.93% Space Free | Partition Type: NTFS
Drive S: | 300.00 Mb Total Space | 260.88 Mb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: L7-CND0202CGW | User Name: edaniels | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 1 Day

========== Processes (SafeList) ==========

PRC - [2011/12/12 10:12:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\edaniels\Desktop\OTL.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 06:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/08 16:04:28 | 005,735,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2010/02/25 15:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009/09/24 09:03:05 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/09/24 09:03:05 | 000,108,392 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/24 09:03:02 | 002,477,304 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/09/24 09:02:59 | 000,050,544 | ---- | M] (Symantec Corporation) -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/02 13:36:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/12/02 13:35:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/12/02 13:35:28 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/12/01 11:03:34 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/25 15:38:55 | 000,972,664 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Outlook\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll
MOD - [2011/02/25 15:38:53 | 000,448,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\office\14.0.0.0__71e9bce111e9429c\office.dll
MOD - [2011/02/25 15:37:56 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2010/12/21 00:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/09/29 13:37:45 | 001,589,760 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\enstart64.exe -- (enstart64)
SRV:64bit: - [2009/10/21 17:49:06 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/05 12:00:42 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_cef704cfb86625bf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_cef704cfb86625bf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 15:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009/10/21 17:30:46 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/09/24 09:03:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/09/24 09:03:05 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/09/24 09:03:04 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/09/24 09:03:03 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/24 09:03:02 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/30 18:50:27 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:57 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:11 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 05:03:43 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 03:57:43 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/09/29 13:37:45 | 000,066,112 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\enstart64_.sys -- (enstart64_)
DRV:64bit: - [2010/05/20 21:14:30 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
DRV:64bit: - [2010/05/20 21:10:48 | 000,106,032 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
DRV:64bit: - [2010/02/25 15:18:58 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/01/08 10:23:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/12/17 15:18:52 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009/09/24 09:03:06 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/09/24 09:03:06 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/09/24 09:03:06 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/09/15 15:47:24 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/05 19:53:04 | 000,080,384 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/08/21 20:10:00 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/05 12:00:42 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/12/09 12:40:27 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111211.006\EX64.SYS -- (NAVEX15)
DRV - [2011/12/09 12:40:26 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111211.006\ENG64.SYS -- (NAVENG)
DRV - [2011/11/15 12:39:20 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/11/15 12:39:20 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/24 09:03:06 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/09/24 09:03:06 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/09/24 09:03:06 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/09/18 04:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://amdcentral/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B F5 A7 E4 AD CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy/proxy.pac

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ccApp] c:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AppleVerifierTray] C:\ProgramData\AppleVerifierTray.dll (Microsoft Corporation)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKCU..\Run: [Synaptics Update] C:\Users\edaniels\AppData\Local\Temp\TempUpdate\Tempupdt32.DLL (Microsoft Corporation)
O4 - HKCU..\Run: [TempData] C:\Users\edaniels\AppData\Local\Temp\TempData\Tempdata.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: amd.com ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([amdonline] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([cpg] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([cpgportal] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([cpgproject] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([gcsfm] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([gisportal] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([hcldms] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([mss] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([mssportal] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([myamd] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([myemail] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([MyHR] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([myprojects] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([myprojectteams] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([myteams] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([mywork] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([project] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([sapcitrix] http in Trusted sites)
O15:64bit: - ..Trusted Domains: amd.com ([wrms] https in Local intranet)
O15:64bit: - ..Trusted Domains: amd.com ([wrms] https in Trusted sites)
O15:64bit: - ..Trusted Domains: amdcentral ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: amdonline ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: asiaespec ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: aus-v-cmp ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: aus-v-cmp ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: cdw ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: cdw.com ([www] http in Trusted sites)
O15:64bit: - ..Trusted Domains: citrixwebqa ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
O15:64bit: - ..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
O15:64bit: - ..Trusted Domains: cpg ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: cpgportal ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: cpgproject ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: csgpweb2 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: gisportal ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
O15:64bit: - ..Trusted Domains: hcldms ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.ca ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.ca ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.com ([]https in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.com ([uk] http in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.com ([uk] https in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
O15:64bit: - ..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
O15:64bit: - ..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
O15:64bit: - ..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
O15:64bit: - ..Trusted Domains: mrose24.de ([www] http in Trusted sites)
O15:64bit: - ..Trusted Domains: mss ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: mssportal ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: mutiaranet ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myamd ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myamd-qa ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: MyHR ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myie6 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myithelp ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myprojects ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myprojectteams ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myqs ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myteams ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myteamsdrs ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: myteamssgp ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: mywork ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: pngqssts ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
O15:64bit: - ..Trusted Domains: project ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: qualitycenter ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: rs-components.com ([order] http in Trusted sites)
O15:64bit: - ..Trusted Domains: sapcitrix ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
O15:64bit: - ..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
O15:64bit: - ..Trusted Domains: spngmes01 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: spngweb5 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: storesonline ([]http in Trusted sites)
O15:64bit: - ..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
O15:64bit: - ..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
O15:64bit: - ..Trusted Domains: vwr.com ([de] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([amdonline] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([amdvault] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([ausev1] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([ausev2] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([ausev3] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([ausev4] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([cpg] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([cpgportal] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([cpgproject] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([gcsfm] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([gisportal] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([hcldms] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([mss] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([mssportal] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([myamd] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([myemail] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([MyHR] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([myprojects] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([myprojectteams] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([myteams] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([mywork] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([project] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([sapcitrix] http in Trusted sites)
O15 - HKCU\..Trusted Domains: amd.com ([sausev1] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([sausev2] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([sausev3] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([sausev4] * in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([wrms] https in Local intranet)
O15 - HKCU\..Trusted Domains: amd.com ([wrms] https in Trusted sites)
O15 - HKCU\..Trusted Domains: amdcentral ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: amdonline ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: amdvault ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: asiaespec ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ausb3rmwp01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ausev1 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ausev2 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ausev3 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ausev4 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: aus-v-cmp ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aus-v-cmp ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: cdw ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cdw.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: citrixwebqa ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: conrad.de ([www1.business] http in Trusted sites)
O15 - HKCU\..Trusted Domains: corporateexpress.de ([connect] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cpg ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cpgportal ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cpgproject ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: csgpweb2 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: gisportal ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hagemeyerce.com ([down] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hcldms ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hoffmann-gmbh.de ([de] http in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.ca ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.ca ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.com ([uk] http in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.com ([uk] https in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.com ([www.corp] http in Trusted sites)
O15 - HKCU\..Trusted Domains: insight.com ([www.marketplace.corp] https in Trusted sites)
O15 - HKCU\..Trusted Domains: kroschke.com ([shop] http in Trusted sites)
O15 - HKCU\..Trusted Domains: metafore.ca ([e-buy] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mrose24.de ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mss ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mssportal ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mutiaranet ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myamd ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myamd-qa ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: MyHR ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myie6 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myithelp ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myprojects ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myprojectteams ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myqs ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myteams ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myteamsdrs ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: myteamssgp ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mywork ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: pngqssts ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: printmedia.de ([vubt001] http in Trusted sites)
O15 - HKCU\..Trusted Domains: project ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: qualitycenter ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: rs-components.com ([order] http in Trusted sites)
O15 - HKCU\..Trusted Domains: sapcitrix ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sausev1 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sausev2 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sausev3 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: sausev4 ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: schweitzer-online.de ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: shi.com ([roundtrip] http in Trusted sites)
O15 - HKCU\..Trusted Domains: spngmes01 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: spngweb5 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: ssgpopt13 ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: storesonline ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: swagelok.com ([b2b-de] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thgeyer.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: vwr.com ([de] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 163.181.12.1 163.181.12.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amd.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C44AC16-FB25-4836-9A1D-E4D5A9F7DF96}: DhcpNameServer = 163.181.12.17 163.181.12.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1412FE8-EB4B-4342-B96E-6EF3E977ED79}: DhcpNameServer = 163.181.12.1 163.181.12.17
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\x-owacid - No CLSID value found
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 1 Day ==========

[2011/12/12 10:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011/12/12 10:12:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\edaniels\Desktop\OTL.exe
[2011/12/12 10:03:46 | 000,000,000 | ---D | C] -- C:\Users\edaniels\Desktop\TDS
[2011/12/12 09:58:56 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\edaniels\Desktop\GooredFix.exe
[2011/12/12 08:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/12/12 08:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/12/11 21:26:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
[2011/12/11 21:26:37 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\AppleVerifierTray.dll
[1 C:\Users\edaniels\Desktop\*.tmp files -> C:\Users\edaniels\Desktop\*.tmp -> ]

========== Files - Modified Within 1 Day ==========

[2011/12/12 10:40:59 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 10:40:59 | 000,012,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/12 10:12:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\edaniels\Desktop\OTL.exe
[2011/12/12 09:58:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\edaniels\Desktop\GooredFix.exe
[2011/12/12 08:49:32 | 000,728,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/12 08:49:32 | 000,625,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/12 08:49:32 | 000,107,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/12 08:41:45 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2011/12/12 08:40:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/11 21:26:37 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\AppleVerifierTray.dll
[1 C:\Users\edaniels\Desktop\*.tmp files -> C:\Users\edaniels\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 07:59:10 | 000,048,586 | ---- | C] () -- C:\ProgramData\xpif-v02030a.dtd
[2011/12/02 08:55:00 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2011/12/01 11:14:03 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/01 11:05:34 | 000,000,474 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2011/11/30 18:46:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/30 18:41:09 | 000,020,252 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/13 13:55:59 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2010/09/28 16:42:51 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/09/28 16:42:50 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/09/28 16:42:49 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/09/28 16:42:49 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/09/28 16:42:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/09/28 12:21:49 | 002,275,888 | ---- | C] () -- C:\Windows\SysWow64\vm3dgl.dll
[2009/10/22 08:56:00 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\vcsAPIShared.dll.hpsign
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/13 23:08:49 | 000,016,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Oh good, a new one. Once run, can you let me know if it is still present?

OK, let's see what we can do to remove this.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
    O4 - HKCU..\Run: [Synaptics Update] C:\Users\edaniels\AppData\Local\Temp\TempUpdate\Tempupdt32.DLL (Microsoft Corporation)
    O4 - HKCU..\Run: [TempData] C:\Users\edaniels\AppData\Local\Temp\TempData\Tempdata.DLL (Microsoft Corporation)
    [2011/12/11 21:26:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srrstr.dll
    [2011/12/11 21:26:37 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\AppleVerifierTray.dll

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

NEXT

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
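The fix above removes two HKCU Run entries that load DLLs out of the user's Temp folder and two dropped DLLs whose version info claims "Microsoft Corporation". As an added PowerShell check (not part of this thread or of OTL), the script below audits the Run key for that pattern and reports the real Authenticode status instead of the spoofable company name; the two file paths come from the fix, while the registry key, the regex and the output layout are my assumptions.

```powershell
# Added example, not from this thread or from OTL: audit the HKCU Run key for the
# pattern the fix above removes (DLLs launched from the user's Temp folder) and
# check the two files named in the fix. The "(Microsoft Corporation)" OTL prints
# is the file's version-info company name, which any file can claim; the real
# test is the Authenticode signature, so that is what is reported here.
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$tempDir = [IO.Path]::GetFullPath("$env:LOCALAPPDATA\Temp")

# Paths taken from the OTL fix, resolved against this machine's environment.
$knownFiles = @(
    "$env:SystemRoot\SysWow64\srrstr.dll",
    "$env:ProgramData\AppleVerifierTray.dll"
)

function Get-FileStatus([string]$Path) {
    if (Test-Path -LiteralPath $Path) {
        # 'Valid' only for a genuine signature; 'NotSigned' exposes a spoofed company name
        return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
    }
    return 'FileMissing'
}

function Get-SuspiciousRunEntry {
    $props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if (-not $props) { return }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's PSPath/PSParentPath metadata
        # Every drive-rooted .dll/.exe path in the command line (quoted or bare),
        # so "rundll32.exe C:\...\x.dll,Entry" yields both the host EXE and the DLL
        $paths = [regex]::Matches([string]$p.Value, '(?i)[a-z]:\\[^"]+?\.(?:dll|exe)(?=["\s,]|$)') |
                 ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Value) }
        foreach ($path in $paths) {
            $inTemp = $path.StartsWith($tempDir, [StringComparison]::OrdinalIgnoreCase)
            $isDll  = $path -match '(?i)\.dll$'
            if (-not ($inTemp -or $isDll)) { continue }  # ordinary EXE outside Temp: ignore
            [pscustomobject]@{
                Name      = $p.Name
                Path      = $path
                InTemp    = $inTemp
                LoadsDll  = $isDll
                Signature = Get-FileStatus $path
            }
        }
    }
}

Get-SuspiciousRunEntry | Format-Table -AutoSize
foreach ($f in $knownFiles) { Write-Output ("{0,-12} {1}" -f (Get-FileStatus $f), $f) }
```

Run it from a normal user prompt; the Run key is per-user (HKCU), so it inspects the profile that is logged in, which is the one the redirector hooked here.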

#3
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.