
webpage error . (DEP) [Closed]


  • This topic is locked

#1
jes1876

  • Member
  • 12 posts
Every so often I open explorer and I get the webpage error: "Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on." Then it closes itself. It says DEP error. I have 64-bit Win7. Having trouble getting "OTL" to finish. Hopefully the log will follow :)
Any help would be great. Thanks, Jesse


OTL log


OTL logfile created on: 7/24/2012 11:18:51 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Jesse Behymer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.36 Gb Available Physical Memory | 72.76% Memory free
11.98 Gb Paging File | 9.38 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.50 Gb Total Space | 279.83 Gb Free Space | 61.17% Space Free | Partition Type: NTFS

Computer Name: JESSEBEHYMER-PC | User Name: Jesse Behymer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 11:11:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jesse Behymer\Desktop\OTL.exe
PRC - [2012/07/13 13:13:10 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/13 13:12:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/11 19:28:11 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/05/16 16:44:39 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/05/10 16:29:02 | 000,838,136 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/05/10 16:28:58 | 001,122,296 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/03/22 10:55:02 | 000,166,528 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2009/08/05 12:26:40 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe
PRC - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 13:13:10 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/07/13 13:13:10 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/07/13 13:13:10 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/07/13 13:13:10 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/07/13 13:13:10 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/03 18:49:24 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/03 15:56:06 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/07/13 13:13:10 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/11 19:28:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/03 13:15:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2012/06/03 13:13:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/05/16 17:08:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/05 12:26:40 | 000,212,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe -- (GameDetect)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/15 07:35:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/16 16:36:11 | 000,019,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AWOPFilterDriver.sys -- (AWOPFilterDriver)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 17:24:46 | 000,131,096 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (Xeno7x64)
DRV:64bit: - [2009/06/02 17:24:46 | 000,027,672 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Edge7x64.sys -- (Edge7x64)
DRV:64bit: - [2009/05/06 02:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/04/09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 79 95 26 AE 33 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS484
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/22 18:27:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jesse Behymer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: YouTube = C:\Users\Jesse Behymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jesse Behymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jesse Behymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Jesse Behymer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/18 00:30:13 | 000,442,687 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15209 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\bfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\bfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\bfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\bfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\bfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.27.200.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF05D435-170B-4402-903C-B6F7E9CB95C8}: DhcpNameServer = 12.27.200.6
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2cc64d31-9f8d-11e1-ace0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2cc64d31-9f8d-11e1-ace0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 11:11:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jesse Behymer\Desktop\OTL.exe
[2012/07/14 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\Jesse Behymer\AppData\Local\LogMeIn Hamachi
[2012/07/14 16:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/07/14 16:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/07/13 13:21:21 | 000,000,000 | ---D | C] -- C:\Users\Jesse Behymer\Documents\My Games
[2012/07/13 13:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/07/13 13:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/13 13:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/13 13:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/08 21:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/07/08 21:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2012/07/08 21:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/07/08 21:37:13 | 000,000,000 | ---D | C] -- C:\Nexon
[2012/07/05 12:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
[2012/07/05 12:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2012/07/04 15:14:13 | 000,000,000 | ---D | C] -- C:\Users\Jesse Behymer\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2012/07/24 11:11:44 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jesse Behymer\Desktop\OTL.exe
[2012/07/24 11:09:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 11:09:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 10:49:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 10:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 07:34:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/23 22:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/23 13:43:46 | 529,780,735 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 13:43:45 | 430,580,118 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/13 13:12:45 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/12 12:52:34 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/12 12:49:15 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 22:02:14 | 000,001,611 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/07/05 12:34:49 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2012/06/27 21:22:32 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 21:22:32 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 21:22:32 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/21 20:33:21 | 430,580,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/13 13:12:45 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/08 21:39:33 | 000,001,611 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms.lnk
[2012/07/05 12:34:49 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Play Wizard101.lnk
[2012/06/03 12:23:25 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/05/24 11:30:58 | 000,007,605 | ---- | C] () -- C:\Users\Jesse Behymer\AppData\Local\Resmon.ResmonCfg
[2012/05/17 19:54:03 | 000,000,166 | ---- | C] () -- C:\ProgramData\menu.bfm
[2012/05/16 16:57:30 | 009,428,492 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/16 16:53:57 | 000,000,166 | ---- | C] () -- C:\ProgramData\menu.new
[2012/05/16 16:52:12 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/05/16 16:52:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== LOP Check ==========

[2009/07/14 00:08:49 | 000,025,110 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Thanks again, Jesse


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Please download MiniToolBox and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt).

#3
jes1876

  • Topic Starter
  • Member
  • 12 posts
MiniToolBox by Farbar Version: 23-07-2012
Ran by Jesse Behymer (administrator) on 31-07-2012 at 19:23:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Hamachi Network Interface = Hamachi (Connected)
Killer Xeno NDIS EDGE Interface = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JesseBehymer-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Killer Xeno NDIS EDGE Interface
Physical Address. . . . . . . . . : 00-19-03-02-D2-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-25-64-8C-C6-A3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::399c:963b:72e:82ba%10(Preferred)
IPv4 Address. . . . . . . . . . . : 12.27.200.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 30, 2012 1:52:30 PM
Lease Expires . . . . . . . . . . : Wednesday, August 01, 2012 1:52:30 PM
Default Gateway . . . . . . . . . : 12.27.200.6
DHCP Server . . . . . . . . . . . : 12.27.200.6
DHCPv6 IAID . . . . . . . . . . . : 234890596
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-45-BA-3E-00-25-64-8C-C6-A3
DNS Servers . . . . . . . . . . . : 12.27.200.6
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-94-F2-2C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::594:f22c(Preferred)
Link-local IPv6 Address . . . . . : fe80::a439:9b7a:b371:7a08%18(Preferred)
IPv4 Address. . . . . . . . . . . : 5.148.242.44(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Monday, July 30, 2012 1:52:25 PM
Lease Expires . . . . . . . . . . : Tuesday, July 30, 2013 1:54:32 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 427456935
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-45-BA-3E-00-25-64-8C-C6-A3
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CF05D435-170B-4402-903C-B6F7E9CB95C8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3c4d:3306:9d21:fec1(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c4d:3306:9d21:fec1%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{00383C67-D5CC-4B7A-BAAC-26DA38FECF67}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6B446C99-3059-475E-A459-DAF1DB5332B5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 12.27.200.6

Name: google.com
Addresses: 2607:f8b0:4009:803::1006
74.125.225.66
74.125.225.69
74.125.225.65
74.125.225.64
74.125.225.68
74.125.225.73
74.125.225.67
74.125.225.72
74.125.225.78
74.125.225.71
74.125.225.70


Pinging google.com [74.125.225.72] with 32 bytes of data:
Reply from 74.125.225.72: bytes=32 time=27ms TTL=55
Reply from 74.125.225.72: bytes=32 time=23ms TTL=55

Ping statistics for 74.125.225.72:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 27ms, Average = 25ms
Server: UnKnown
Address: 12.27.200.6

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=85ms TTL=51
Reply from 72.30.38.140: bytes=32 time=117ms TTL=51

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 85ms, Maximum = 117ms, Average = 101ms
Server: UnKnown
Address: 12.27.200.6

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 19 03 02 d2 cf ......Killer Xeno NDIS EDGE Interface
10...00 25 64 8c c6 a3 ......Broadcom NetLink ™ Gigabit Ethernet
18...7a 79 05 94 f2 2c ......Hamachi Network Interface
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.148.242.44 9256
0.0.0.0 0.0.0.0 12.27.200.6 12.27.200.7 20
5.0.0.0 255.0.0.0 On-link 5.148.242.44 9256
5.148.242.44 255.255.255.255 On-link 5.148.242.44 9256
5.255.255.255 255.255.255.255 On-link 5.148.242.44 9256
12.27.200.0 255.255.255.0 On-link 12.27.200.7 276
12.27.200.7 255.255.255.255 On-link 12.27.200.7 276
12.27.200.255 255.255.255.255 On-link 12.27.200.7 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 12.27.200.7 276
224.0.0.0 240.0.0.0 On-link 5.148.242.44 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 12.27.200.7 276
255.255.255.255 255.255.255.255 On-link 5.148.242.44 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:9d38:953c:3c4d:3306:9d21:fec1/128
On-link
18 276 2620:9b::/96 On-link
18 276 2620:9b::594:f22c/128 On-link
10 276 fe80::/64 On-link
18 276 fe80::/64 On-link
13 306 fe80::/64 On-link
10 276 fe80::399c:963b:72e:82ba/128
On-link
13 306 fe80::3c4d:3306:9d21:fec1/128
On-link
18 276 fe80::a439:9b7a:b371:7a08/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
10 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/31/2012 07:19:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x2d24
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/31/2012 04:24:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1c6c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/31/2012 04:09:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x303c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:45:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xe68
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:44:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1218
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:26:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xe08
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:26:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x183c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:13:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x6f0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:13:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x15d8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/30/2012 02:12:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16447, time stamp: 0x4fc9cd53
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1858
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3


System errors:
=============
Error: (07/24/2012 04:04:19 PM) (Source: DCOM) (User: JesseBehymer-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}JesseBehymer-PCJesse BehymerS-1-5-21-1825759054-3855176321-1944685846-1001LocalHost (Using LRPC)

Error: (07/24/2012 04:03:50 PM) (Source: DCOM) (User: JesseBehymer-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}JesseBehymer-PCJesse BehymerS-1-5-21-1825759054-3855176321-1944685846-1001LocalHost (Using LRPC)

Error: (07/24/2012 11:43:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/24/2012 11:43:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/24/2012 11:43:07 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/23/2012 01:44:26 PM) (Source: Service Control Manager) (User: )
Description: The Alienware Fusion Service service failed to start due to the following error:
%%1053

Error: (07/23/2012 01:44:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Alienware Fusion Service service to connect.

Error: (07/23/2012 01:43:55 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xfffffa80077d8060, 0xfffff80003fe8518, 0xfffffa800617e010)C:\Windows\MEMORY.DMP072312-12823-01

Error: (07/23/2012 01:43:50 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:24:16 PM on ?7/?23/?2012 was unexpected.

Error: (07/23/2012 08:40:07 AM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (07/31/2012 07:19:21 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c0000005000000002d2401cd6f7b4bb4d0b4C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown89bef5ec-db6e-11e1-b0ab-0025648cc6a3

Error: (07/31/2012 04:24:31 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c0000005000000001c6c01cd6f62de7bd7baC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown1d38d4d0-db56-11e1-b0ab-0025648cc6a3

Error: (07/31/2012 04:09:06 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000303c01cd6f60b75cc203C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownf5e20c79-db53-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:45:11 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000e6801cd6e8bd477778cC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown128f2058-da7f-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:44:12 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000121801cd6e8bb0beda86C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownef3652c3-da7e-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:26:04 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000e0801cd6e8928697ffdC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown66ac018f-da7c-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:26:01 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000183c01cd6e89262e21d4C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown64ea0993-da7c-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:13:55 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c0000005000000006f001cd6e8775cc0647C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownb4538fc1-da7a-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:13:51 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c00000050000000015d801cd6e87743e1ed1C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownb2216958-da7a-11e1-b0ab-0025648cc6a3

Error: (07/30/2012 02:12:31 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.164474fc9cd53unknown0.0.0.000000000c000000500000000185801cd6e8742582e76C:\Program Files (x86)\Internet Explorer\iexplore.exeunknown8289ce40-da7a-11e1-b0ab-0025648cc6a3


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 6134.99 MB
Available physical RAM: 3817.12 MB
Total Pagefile: 12268.17 MB
Available Pagefile: 9609.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3957.9 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:457.5 GB) (Free:282.82 GB) NTFS

========================= Users: ========================================

User accounts for \\JESSEBEHYMER-PC

Administrator Guest Jesse Behymer


**** End of log ****

#4
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please do the following:

Restore Internet Explorer default settings.
  • Click on Start and then on Control Panel
  • In Control Panel window click on Network and Internet and then on Internet Options
  • In Internet Properties window click on Advanced tab
  • Under "Reset Internet Explorer settings", click the Reset... button.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.

Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to their default settings.

NEXT...

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply

#5
jes1876

    Member

  • Topic Starter
  • 12 posts
Hello, thanks for the help. I hope this is what you were after, and the way you wanted it :)
:whistling:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 12:13:48
-----------------------------
12:13:48.264 OS Version: Windows x64 6.1.7601 Service Pack 1
12:13:48.264 Number of processors: 8 586 0x1A05
12:13:48.265 ComputerName: JESSEBEHYMER-PC UserName: Jesse Behymer
12:13:51.545 Initialize success
12:13:55.399 AVAST engine defs: 12080100
12:14:00.479 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:14:00.482 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 11
12:14:00.495 Disk 0 MBR read successfully
12:14:00.498 Disk 0 MBR scan
12:14:00.553 Disk 0 Windows 7 default MBR code
12:14:00.555 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:14:00.569 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8418 MB offset 81920
12:14:00.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 468481 MB offset 17321984
12:14:00.614 Disk 0 scanning C:\Windows\system32\drivers
12:14:18.307 Service scanning
12:14:47.736 Modules scanning
12:14:47.744 Disk 0 trace - called modules:
12:14:47.762 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:14:48.092 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80071b7790]
12:14:48.098 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8006f0a1e0]
12:14:48.103 5 ACPI.sys[fffff88000f787a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006f24060]
12:14:51.564 AVAST engine scan C:\Windows
12:14:55.943 AVAST engine scan C:\Windows\system32
12:19:27.888 AVAST engine scan C:\Windows\system32\drivers
12:19:48.816 AVAST engine scan C:\Users\Jesse Behymer
12:22:01.026 AVAST engine scan C:\ProgramData
12:22:34.991 Scan finished successfully
12:23:42.810 Disk 0 MBR has been saved successfully to "C:\Users\Jesse Behymer\Desktop\MBR.dat"
12:23:42.815 The log file has been saved successfully to "C:\Users\Jesse Behymer\Desktop\aswMBR.txt"


thanks again for the help :)
you guys are great

Attached Files

  • Attached File  MBR.dat   512bytes   31 downloads


#6
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

MBR looks clean. From the provided logs I don't see anything malicious. So we will try to resolve the DEP issue as follows:

As it is very clear from the error message that one of the add-ons is causing the issue, use the Manage Add-ons tool to determine which add-on is causing the issue. However, before that, let's check if the issue persists in No Add-Ons mode.

Step 1:


Run Internet Explorer in "No Add-Ons" mode
a. Click Start, and then type Internet Explorer in the Start Search box.
b. Click Internet Explorer (No Add-Ons). Internet Explorer opens without add-ons, toolbars, or plug-ins.
c. Test Internet Explorer to verify that it works correctly. If it works then you can disable add-ons (follow step 2).


Step 2:


Use the Manage Add-ons tool to determine which add-on is causing the issue
a. Open Internet Explorer.
b. Click Tools, and then click Manage Add-ons.
c. On the Show drop-down menu, select All add-ons to display all add-ons that are installed on the computer.
d. For each item in this list, select the add-on, and then click Disable in the Information window.
e. When you have disabled all the items in this list, click OK.
f. Exit and then restart Internet Explorer.
g. If issues do not reoccur, repeat steps a through c.
h. Click Enable for a single add-on.
i. Repeat steps f through h until you determine which add-on causes errors to occur.


Internet Explorer add-ons: frequently asked questions:
http://windowshelp.m...df9b7e1033.mspx

For more information on Data Execution Prevention [DEP], refer:
Data Execution Prevention: frequently asked questions:

Change Data Execution Prevention settings:

#7
jes1876

    Member

  • Topic Starter
  • 12 posts
Thanks. I tried Internet Explorer (No Add-Ons)... I still get "Windows Data Execution Prevention detected an add-on trying to use system memory incorrectly. This can be caused by a malfunction or a malicious add-on."


grrr sorry and thank you again for the help
jesse

#8
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#9
jes1876

    Member

  • Topic Starter
  • 12 posts
Here's the ComboFix text log :)



ComboFix 12-07-31.03 - Jesse Behymer 08/01/2012 13:48:28.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.3933 [GMT -5:00]
Running from: c:\users\Jesse Behymer\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jesse Behymer\AppData\Local\Temp\{DA397603-5728-40F2-9A2C-C763D761A374}\fpb.tmp
c:\users\Jesse Behymer\Documents\R226476.zip
c:\users\JESSEB~1\AppData\Local\Temp\{DA397603-5728-40F2-9A2C-C763D761A374}\fpb.tmp
c:\users\Public\AlexaNSISPlugin.6080.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 17:05 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E44B364D-F26F-4DE4-B3A9-64D40A1EF245}\mpengine.dll
2012-08-01 16:29 . 2012-08-01 16:29 -------- d-----w- c:\windows\system32\drivers\NSSx64
2012-08-01 16:29 . 2012-08-01 16:29 -------- d-----w- c:\programdata\Norton
2012-08-01 16:29 . 2012-08-01 16:29 -------- d-----w- c:\program files (x86)\Norton Security Scan
2012-08-01 16:24 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-01 12:54 . 2012-08-01 12:54 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-07-30 21:17 . 2012-08-01 16:29 -------- d-----w- c:\programdata\Symantec
2012-07-30 21:17 . 2012-07-30 21:17 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-07-30 19:18 . 2012-07-30 19:18 -------- d-----w- c:\users\Jesse Behymer\AppData\Local\MPlayer
2012-07-30 19:18 . 2012-07-30 19:18 -------- d-----w- c:\programdata\OEM Links
2012-07-30 19:18 . 2012-07-30 19:18 -------- d-----w- C:\MININT
2012-07-30 19:18 . 2012-08-01 16:22 -------- d-----w- c:\users\Jesse Behymer\.umplayer
2012-07-30 19:18 . 2012-08-01 16:22 -------- d-----w- c:\program files (x86)\UMPlayer
2012-07-30 19:17 . 2012-08-01 16:22 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-07-30 19:17 . 2012-07-30 19:17 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-07-30 19:17 . 2012-07-30 19:17 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-30 19:17 . 2012-07-30 19:17 -------- d-----w- c:\users\Jesse Behymer\AppData\Local\Real
2012-07-30 19:15 . 2012-07-30 19:15 -------- d-----w- c:\program files (x86)\Amazon
2012-07-30 19:15 . 2012-08-01 16:22 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2012-07-24 21:48 . 2012-07-24 21:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-24 21:46 . 2012-07-24 21:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-07-24 21:46 . 2012-07-30 19:43 -------- d-----w- c:\users\Jesse Behymer\AppData\Local\Adobe
2012-07-24 21:45 . 2012-07-24 21:45 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-24 16:44 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D4ACB817-FC54-4FD1-AFCE-039309529F47}\gapaengine.dll
2012-07-24 16:40 . 2012-07-24 16:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-24 16:40 . 2012-07-24 16:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 16:33 . 2012-07-24 16:33 -------- d-----w- c:\program files (x86)\HD Tune
2012-07-24 16:30 . 2012-07-24 16:30 -------- d-----w- c:\program files (x86)\SpeedFan
2012-07-24 12:45 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A830D790-A488-43B2-8B21-5571F0A63B6E}\mpengine.dll
2012-07-14 21:11 . 2012-07-27 20:38 -------- d-----w- c:\users\Jesse Behymer\AppData\Local\LogMeIn Hamachi
2012-07-14 21:09 . 2012-07-14 21:09 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-07-13 18:21 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-07-13 18:21 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-07-13 18:21 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-07-13 18:21 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-07-13 18:21 . 2009-03-09 20:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-07-13 18:21 . 2007-04-04 23:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-07-13 18:21 . 2007-03-12 21:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-07-13 18:20 . 2012-07-13 18:20 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-07-13 18:12 . 2012-07-27 20:38 -------- d-----w- c:\program files (x86)\Steam
2012-07-13 18:12 . 2012-07-14 07:36 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-07-12 08:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 08:00 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-12 00:28 . 2012-07-12 00:28 9226440 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 02:43 . 2012-07-09 02:43 -------- d-----w- c:\programdata\Nexon
2012-07-09 02:37 . 2012-07-09 02:37 -------- d-----w- C:\Nexon
2012-07-04 20:14 . 2012-07-04 20:16 -------- d-----w- c:\users\Jesse Behymer\AppData\Local\Microsoft Games
2012-07-03 00:02 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-03 00:02 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 19:43 . 2012-05-16 21:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 19:43 . 2012-05-16 21:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 08:01 . 2012-05-16 21:25 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2012-05-24 16:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-19 14:11 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:11 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:11 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 14:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 14:11 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-18 00:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-05-18 00:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-16 22:09 . 2012-05-16 22:09 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-16 22:09 . 2012-05-16 22:09 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-05-16 22:09 . 2012-05-16 22:09 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-16 22:09 . 2012-05-16 22:09 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-05-16 21:36 . 2012-05-16 21:39 19464 ----a-w- c:\windows\system32\drivers\AWOPFilterDriver.sys
2012-05-16 20:45 . 2012-05-16 20:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-16 20:45 . 2012-05-16 20:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-16 20:45 . 2012-05-16 20:45 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-05-16 20:45 . 2012-05-16 20:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-16 20:45 . 2012-05-16 20:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-16 20:45 . 2012-05-16 20:45 82432 ----a-w- c:\windows\system32\icardie.dll
2012-05-16 20:45 . 2012-05-16 20:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-16 20:45 . 2012-05-16 20:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-16 20:45 . 2012-05-16 20:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-16 20:45 . 2012-05-16 20:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-16 20:45 . 2012-05-16 20:45 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-05-16 20:45 . 2012-05-16 20:45 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-05-16 20:45 . 2012-05-16 20:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-16 20:45 . 2012-05-16 20:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-16 20:45 . 2012-05-16 20:45 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-05-16 20:45 . 2012-05-16 20:45 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-05-16 20:45 . 2012-05-16 20:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-16 20:45 . 2012-05-16 20:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-16 20:45 . 2012-05-16 20:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-16 20:45 . 2012-05-16 20:45 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-05-16 20:45 . 2012-05-16 20:45 448512 ----a-w- c:\windows\system32\html.iec
2012-05-16 20:45 . 2012-05-16 20:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-16 20:45 . 2012-05-16 20:45 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-05-16 20:45 . 2012-05-16 20:45 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-05-16 20:45 . 2012-05-16 20:45 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-05-16 20:45 . 2012-05-16 20:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-16 20:45 . 2012-05-16 20:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-16 20:45 . 2012-05-16 20:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-16 20:45 . 2012-05-16 20:45 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-05-16 20:45 . 2012-05-16 20:45 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-05-16 20:45 . 2012-05-16 20:45 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-05-16 20:45 . 2012-05-16 20:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-16 20:45 . 2012-05-16 20:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-16 20:45 . 2012-05-16 20:45 197120 ----a-w- c:\windows\system32\msrating.dll
2012-05-16 20:45 . 2012-05-16 20:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-16 20:45 . 2012-05-16 20:45 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-05-16 20:45 . 2012-05-16 20:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-16 20:45 . 2012-05-16 20:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-16 20:45 . 2012-05-16 20:45 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-05-16 20:45 . 2012-05-16 20:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-16 20:45 . 2012-05-16 20:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-16 20:45 . 2012-05-16 20:45 149504 ----a-w- c:\windows\system32\occache.dll
2012-05-16 20:45 . 2012-05-16 20:45 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-05-16 20:45 . 2012-05-16 20:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-16 20:45 . 2012-05-16 20:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-16 20:45 . 2012-05-16 20:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-16 20:45 . 2012-05-16 20:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-16 20:45 . 2012-05-16 20:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-16 20:45 . 2012-05-16 20:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-16 20:45 . 2012-05-16 20:45 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-05-16 20:45 . 2012-05-16 20:45 103936 ----a-w- c:\windows\system32\inseng.dll
2012-05-16 20:45 . 2012-05-16 20:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-04 11:06 . 2012-06-12 23:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:31 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:31 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
2012-05-10 00:05 1607472 ----a-w- c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [2012-05-10 1607472]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-16 39408]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-05-10 2959336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-30 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Xeno Tray.lnk - c:\program files (x86)\Bigfoot Networks\Xeno Suite\XenoTray.exe [2012-5-16 696320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2012-01-10 14664]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-06-03 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-05-16 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-06-03 79360]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 136176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-06-03 92160]
S2 GameDetect;GameDetect;c:\program files (x86)\Bigfoot Networks\Xeno Suite\GameDetectService.exe [2009-08-05 212480]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-05-10 1122296]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-05-10 838136]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
S3 Edge7x64;Killer Xeno NDIS-Edge Service;c:\windows\system32\DRIVERS\Edge7x64.sys [2009-06-02 27672]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
S3 Xeno7x64;Killer Xeno Gaming Adapter Service;c:\windows\system32\DRIVERS\Xeno7x64.sys [2009-06-02 131096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 19:43]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 21:25]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16 21:25]
.
2012-08-01 c:\windows\Tasks\Norton Security Scan for Jesse Behymer.job
- c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-08-01 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-01-10 12616]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2012-01-10 69448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SYSTEMROOT%\system32\BfLLR.dll
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM-Run-(Default) - (no file)
AddRemove-{7FC07A07-0345-4B08-BBFE-43885A58253C} - c:\program files (x86) (x86)\InstallShield Installation Information\{7FC07A07-0345-4B08-BBFE-43885A58253C}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-08-01 13:56:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 18:56
.
Pre-Run: 302,402,965,504 bytes free
Post-Run: 302,072,442,880 bytes free
.
- - End Of File - - 5C6DD4A9864264CECE92330678F07443

#10
jes1876

    Member

  • Topic Starter
  • 12 posts
And now I'm getting a "C:\program files (x86)\internet explorer\iexplorer.exe: illegal operation on a registry key that has been marked for deletion" error when I click Explorer to open it.

#11
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Is this DEP issue evident only in IE, or also in FF and Chrome?

Please go here and download the Internet Explorer 9 setup file to your Desktop.
Then install it. Let me know the results.

#12
jes1876

    Member

  • Topic Starter
  • 12 posts
OK. I've never used Firefox; I get the DEP error in Chrome also.
As for the link you left in the last reply, I go there and get "setup can't continue because a more recent version of Explorer is installed."

Willing to buy a bat...

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
To uninstall IE please try this:
  • Click the Start button, type Programs and Features in the search box, then click on it, and then click View installed updates in the left pane.
  • Under Uninstall an update, scroll down to the Microsoft Windows section.
  • Right-click Windows Internet Explorer 9, click Uninstall, and then, when prompted, click Yes.
  • Click one of the following:
  • Restart now (to finish the process of uninstalling Internet Explorer 9 and restore the previous version of Internet Explorer).
Then try to install it again.

#14
jes1876

    Member

  • Topic Starter
  • 12 posts
OK, I uninstalled Explorer, restarted, and can't get 9 to take. I'm getting error code 3715.
Any ideas now?

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Try with this version here.