• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.
chu berry

Firefox address bar redirecting to "Mystart incredibar.com"

18 posts in this topic

Hi everyone,

 

My problem is that when I type anything other than a valid website address/url into the address bar of Firefox, It redirects to Mystart incredibar.com. a quick google search suggested that this is dangerous malware but neither avira free antivirus nor SUPERantispyware nor Malwarebytes anti-malware have detected anything. I have tried disabling and removing the Firefox incredibar plugin but the problem has persisted. I also have rebooted my computer after performing each attempted fix. So far there have not been any popups or noticeable problems on my computer, but the incredibar.com redirect is still happening.

 

also in case it helps I am running Windows 7 on a Dell Inspiron 1545 laptop.

 

I have read the "instructions for posting requested logs" topic so I hope I have done this right.

 

 

Thanks a lot in advance -

 

here are the logs:

 

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.16.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Michael :: MICHAEL-PC [administrator]

 

2/16/2012 11:33:16 PM

mbam-log-2012-02-16 (23-33-16).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 180558

Time elapsed: 2 minute(s), 51 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

 

 

 

 

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29

Run by Michael at 23:40:17 on 2012-02-16

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1905 [GMT -5:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe

C:\Program Files\BellCanada\McciTrayApp.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\PeerBlock\peerblock.exe

C:\Windows\system32\charmap.exe

C:\Windows\notepad.exe

C:\Windows\notepad.exe

C:\Windows\system32\LogonUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\notepad.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://mystart.incredibar.com/mb119?a=6PQoDgyRgM&i=26

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

mWinlogon: Userinit=userinit.exe,

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe

uRun: [WeatherEye] C:\Users\Michael\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-L3PG8.exe" /REG /REGSVRMODE

mRunOnce: [OTL] "D:\Users\Michael\Downloads\OTL.exe"

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ALERTU~1.LNK - C:\Program Files (x86)\Alertus Technologies\Alertus Desktop Alert\AlertusDesktopAlert.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4}\35471697F4E6458656359646567716C6B6 : NameServer = 192.168.0.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4}\35471697F4E6458656359646567716C6B6 : DhcpNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

BHO-X64: CrossriderApp0000435 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-L3PG8.exe" /REG /REGSVRMODE

mRunOnce-x64: [OTL] "D:\Users\Michael\Downloads\OTL.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6PQoDgyRgM&&i=26&search=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQoDgyRgM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5eddc57a000000000000701a0499726a

FF - user.js: extensions.incredibar_i.hardId - 5eddc57a000000000000701a0499726a

FF - user.js: extensions.incredibar_i.instlDay - 15387

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2719:52:06

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQoDgyRgM

FF - user.js: extensions.incredibar_i.upn2n - 92542387801497588

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-18 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-18 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-19 517632]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2012-1-19 689464]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-2-16 24176]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynUSB64.sys --> C:\Windows\system32\drivers\SynUSB64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-17 02:56:09 -------- d-----w- C:\Program Files\PeerBlock

2012-02-17 02:55:27 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F21DFE-00FC-4850-B80D-59A2AA32033E}\offreg.dll

2012-02-17 02:37:13 709968 ----a-w- C:\Windows\is-L3PG8.exe

2012-02-17 02:34:41 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes

2012-02-17 02:34:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-17 02:34:28 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-17 02:34:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-17 01:15:03 -------- d-----w- C:\Users\Michael\AppData\Local\DDMSettings

2012-02-17 00:53:04 -------- d-----w- C:\ProgramData\100

2012-02-17 00:52:52 -------- d-----w- C:\Users\Michael\AppData\Local\Premiumplay Codec-C

2012-02-17 00:52:50 -------- d-----w- C:\Program Files (x86)\Premiumplay Codec-C

2012-02-17 00:52:20 -------- d-----w- C:\codec-info

2012-02-17 00:50:54 -------- d-----w- C:\ProgramData\InstallMate

2012-02-14 17:26:16 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F21DFE-00FC-4850-B80D-59A2AA32033E}\mpengine.dll

2012-02-12 05:06:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-04 01:10:48 -------- d-----w- C:\Users\Michael\AppData\Local\Alertus_Technologies

2012-02-04 01:10:04 -------- d-----w- C:\Users\Michael\AppData\Local\Alertus Technologies

2012-02-04 01:09:14 -------- d-----w- C:\ProgramData\Alertus Technologies

2012-02-04 01:09:14 -------- d-----w- C:\Program Files (x86)\Alertus Technologies

2012-02-02 01:59:20 -------- d-----w- C:\Users\Michael\AppData\Local\LogMeIn Rescue Applet

2012-01-24 16:10:34 -------- d-----w- C:\Program Files (x86)\Common Files\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Users\Michael\AppData\Roaming\Avid

2012-01-24 16:07:48 -------- d-----w- C:\ProgramData\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Program Files\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Program Files (x86)\Avid

2012-01-20 02:11:11 -------- d-----w- C:\Program Files\BellCanada

2012-01-20 02:10:50 -------- d-----w- C:\Program Files (x86)\BellCanada

2012-01-20 02:09:10 -------- d-----w- C:\Program Files (x86)\Common Files\Motive

2012-01-20 02:09:04 -------- d-----w- C:\Program Files\Common Files\Motive

2012-01-20 02:05:49 -------- d-----w- C:\Users\Michael\AppData\Roaming\Bell

2012-01-20 02:05:48 -------- d-----w- C:\ProgramData\Radialpoint

2012-01-20 02:05:45 -------- d-----w- C:\ProgramData\Bell

2012-01-20 02:05:45 -------- d-----w- C:\Program Files (x86)\Bell

.

==================== Find3M ====================

.

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-23 21:45:43 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-08 15:56:20 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-08 15:56:20 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-08 15:56:20 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-08 15:56:20 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

.

============= FINISH: 23:41:43.10 ===============

 

 

 

 

 

 

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Auslogics Registry Cleaner

Java 6 Update 29

Java version out of date!

Adobe Reader X (10.1.2)

Mozilla Firefox (10.0.1)

Mozilla Thunderbird 3.1.7 Thunderbird out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

Edited by chu berry

Share this post


Link to post
Share on other sites

I've been having this problem where on any browser I use on my Windows 7 laptop, streaming videos buffer extremely slowly. It's not a network issue since the actual pages load quite quickly, and the problem does not occur on another computer (running linux) connected to the same wireless network. I have updated the latest versions of Firefox, Chrome, Flash player and none of that has had any effect on buffering speed. Could this be a malware or virus problem? my antivirus and antispyware programs have turned up nothing.

 

I hope this is an appropriate place to ask about this type of problem, I couldn't find anyone describing a similar problem when I did a google search.

 

Here are the logs:

 

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.16.06

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Michael :: MICHAEL-PC [administrator]

 

2/17/2012 3:38:24 PM

mbam-log-2012-02-17 (15-38-24).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 180958

Time elapsed: 3 minute(s), 13 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

 

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Michael at 15:38:32 on 2012-02-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1704 [GMT -5:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe

C:\Program Files\BellCanada\McciTrayApp.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\PeerBlock\peerblock.exe

C:\Windows\system32\charmap.exe

C:\Windows\notepad.exe

C:\Windows\notepad.exe

C:\Windows\notepad.exe

C:\Users\Michael\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\msiexec.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://mystart.incredibar.com/mb119?a=6PQoDgyRgM&i=26

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

mWinlogon: Userinit=userinit.exe,

BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

TB: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe

uRun: [WeatherEye] C:\Users\Michael\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-L3PG8.exe" /REG /REGSVRMODE

mRunOnce: [OTL] "D:\Users\Michael\Downloads\OTL.exe"

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ALERTU~1.LNK - C:\Program Files (x86)\Alertus Technologies\Alertus Desktop Alert\AlertusDesktopAlert.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4}\35471697F4E6458656359646567716C6B6 : NameServer = 192.168.0.1

TCP: Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4}\35471697F4E6458656359646567716C6B6 : DhcpNameServer = 192.168.0.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll

BHO-X64: CrossriderApp0000435 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll

TB-X64: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"

mRun-x64: [bISA.exe] "C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe" /AUTORUN

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mRunOnce-x64: [innoSetupRegFile.0000000001] "C:\Windows\is-L3PG8.exe" /REG /REGSVRMODE

mRunOnce-x64: [OTL] "D:\Users\Michael\Downloads\OTL.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQoDgyRgM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 5eddc57a000000000000701a0499726a

FF - user.js: extensions.incredibar_i.hardId - 5eddc57a000000000000701a0499726a

FF - user.js: extensions.incredibar_i.instlDay - 15387

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2719:52:06

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQoDgyRgM

FF - user.js: extensions.incredibar_i.upn2n - 92542387801497588

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 48

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 acedrv11;acedrv11;\??\C:\Windows\system32\drivers\acedrv11.sys --> C:\Windows\system32\drivers\acedrv11.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-18 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-18 110032]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-1-19 517632]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe [2012-1-19 689464]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-2-16 24176]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynUSB64.sys --> C:\Windows\system32\drivers\SynUSB64.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-17 02:56:09 -------- d-----w- C:\Program Files\PeerBlock

2012-02-17 02:55:27 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F21DFE-00FC-4850-B80D-59A2AA32033E}\offreg.dll

2012-02-17 02:37:13 709968 ----a-w- C:\Windows\is-L3PG8.exe

2012-02-17 02:34:41 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes

2012-02-17 02:34:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-17 02:34:28 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-17 02:34:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-17 01:15:03 -------- d-----w- C:\Users\Michael\AppData\Local\DDMSettings

2012-02-17 00:53:04 -------- d-----w- C:\ProgramData\100

2012-02-17 00:52:52 -------- d-----w- C:\Users\Michael\AppData\Local\Premiumplay Codec-C

2012-02-17 00:52:50 -------- d-----w- C:\Program Files (x86)\Premiumplay Codec-C

2012-02-17 00:52:20 -------- d-----w- C:\codec-info

2012-02-17 00:50:54 -------- d-----w- C:\ProgramData\InstallMate

2012-02-14 17:26:16 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F21DFE-00FC-4850-B80D-59A2AA32033E}\mpengine.dll

2012-02-12 05:06:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-04 01:10:48 -------- d-----w- C:\Users\Michael\AppData\Local\Alertus_Technologies

2012-02-04 01:10:04 -------- d-----w- C:\Users\Michael\AppData\Local\Alertus Technologies

2012-02-04 01:09:14 -------- d-----w- C:\ProgramData\Alertus Technologies

2012-02-04 01:09:14 -------- d-----w- C:\Program Files (x86)\Alertus Technologies

2012-02-02 01:59:20 -------- d-----w- C:\Users\Michael\AppData\Local\LogMeIn Rescue Applet

2012-01-24 16:10:34 -------- d-----w- C:\Program Files (x86)\Common Files\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Users\Michael\AppData\Roaming\Avid

2012-01-24 16:07:48 -------- d-----w- C:\ProgramData\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Program Files\Avid

2012-01-24 16:07:48 -------- d-----w- C:\Program Files (x86)\Avid

2012-01-20 02:11:11 -------- d-----w- C:\Program Files\BellCanada

2012-01-20 02:10:50 -------- d-----w- C:\Program Files (x86)\BellCanada

2012-01-20 02:09:10 -------- d-----w- C:\Program Files (x86)\Common Files\Motive

2012-01-20 02:09:04 -------- d-----w- C:\Program Files\Common Files\Motive

2012-01-20 02:05:49 -------- d-----w- C:\Users\Michael\AppData\Roaming\Bell

2012-01-20 02:05:48 -------- d-----w- C:\ProgramData\Radialpoint

2012-01-20 02:05:45 -------- d-----w- C:\ProgramData\Bell

2012-01-20 02:05:45 -------- d-----w- C:\Program Files (x86)\Bell

.

==================== Find3M ====================

.

2012-02-17 20:28:47 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-23 21:45:43 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-08 15:56:20 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-12-08 15:56:20 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-12-08 15:56:20 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-12-08 15:56:20 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 15:39:26.33 ===============

 

 

 

 

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira Free Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Auslogics Registry Cleaner

Java 6 Update 31

Adobe Reader X (10.1.2)

Mozilla Firefox (10.0.1)

Mozilla Thunderbird 3.1.17 Thunderbird out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbam.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

 

EDIT: Topics merged - please have patience and stick to one topic for your problem...

Edited by Budfred

Share this post


Link to post
Share on other sites

Hello chu berry.

 

Please do these updates:

Get IE 9 http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

Update Thunderbird http://www.mozilla.org/en-US/thunderbird/

Updating Java:

  • Go
    here
    and download the latest version of Java:
  • Go to Start -> Control Panel -> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
    They should have this icon next to any that are there: javaicon.gif
    Select any found and choose Uninstall.
  • Then install the version you downloaded earlier.

 

After that:

Please download tdsskiller.exe and save it to your Desktop. Go here for information.

 


  • Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

 

After that:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    [*]Check "YES, I accept the Terms of Use."

    [*]Click the Start button.

    [*]Accept any security warnings from your browser.

    [*]Under scan settings, check "Scan Archives" and "Remove found threats"

    [*]Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

    [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

    [*]When the scan completes, click List Threats

    [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report (if any) in your next reply.

    [*]Click the Back button.

    [*]Click the Finish button.

Share this post


Link to post
Share on other sites

Thanks cnm, I did everything you said to in the last post. TDSSkiller didn't turn anything up but the ESETscan deleted "multiple threats."

 

also before you replied I changed my settings on Firefox manually so that the address bar redirects to Google as it's supposed to.

 

Here are the logs from the two scans:

 

 

 

21:02:34.0042 3324 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

21:02:34.0412 3324 ============================================================

21:02:34.0412 3324 Current date / time: 2012/02/18 21:02:34.0412

21:02:34.0412 3324 SystemInfo:

21:02:34.0412 3324

21:02:34.0412 3324 OS Version: 6.1.7601 ServicePack: 1.0

21:02:34.0412 3324 Product type: Workstation

21:02:34.0412 3324 ComputerName: MICHAEL-PC

21:02:34.0413 3324 UserName: Michael

21:02:34.0413 3324 Windows directory: C:\Windows

21:02:34.0413 3324 System windows directory: C:\Windows

21:02:34.0413 3324 Running under WOW64

21:02:34.0413 3324 Processor architecture: Intel x64

21:02:34.0413 3324 Number of processors: 2

21:02:34.0413 3324 Page size: 0x1000

21:02:34.0413 3324 Boot type: Normal boot

21:02:34.0413 3324 ============================================================

21:02:35.0911 3324 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:02:35.0921 3324 \Device\Harddisk0\DR0:

21:02:35.0921 3324 MBR used

21:02:35.0921 3324 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:02:35.0921 3324 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9FCE000

21:02:35.0921 3324 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x1B42D800

21:02:36.0002 3324 Initialize success

21:02:36.0002 3324 ============================================================

21:02:50.0948 4840 ============================================================

21:02:50.0948 4840 Scan started

21:02:50.0948 4840 Mode: Manual;

21:02:50.0948 4840 ============================================================

21:02:52.0215 4840 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:02:52.0231 4840 1394ohci - ok

21:02:52.0300 4840 acedrv11 (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys

21:02:52.0329 4840 acedrv11 - ok

21:02:52.0374 4840 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:02:52.0380 4840 ACPI - ok

21:02:52.0435 4840 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:02:52.0440 4840 AcpiPmi - ok

21:02:52.0524 4840 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

21:02:52.0546 4840 adp94xx - ok

21:02:52.0572 4840 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

21:02:52.0589 4840 adpahci - ok

21:02:52.0656 4840 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

21:02:52.0668 4840 adpu320 - ok

21:02:52.0736 4840 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

21:02:52.0745 4840 AFD - ok

21:02:52.0792 4840 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:02:52.0805 4840 agp440 - ok

21:02:52.0852 4840 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:02:52.0859 4840 aliide - ok

21:02:52.0882 4840 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:02:52.0888 4840 amdide - ok

21:02:52.0933 4840 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

21:02:52.0943 4840 AmdK8 - ok

21:02:52.0965 4840 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

21:02:52.0978 4840 AmdPPM - ok

21:02:53.0028 4840 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:02:53.0054 4840 amdsata - ok

21:02:53.0086 4840 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

21:02:53.0132 4840 amdsbs - ok

21:02:53.0162 4840 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:02:53.0186 4840 amdxata - ok

21:02:53.0238 4840 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys

21:02:53.0259 4840 androidusb - ok

21:02:53.0370 4840 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:02:53.0377 4840 AppID - ok

21:02:53.0453 4840 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

21:02:53.0462 4840 arc - ok

21:02:53.0485 4840 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

21:02:53.0494 4840 arcsas - ok

21:02:53.0531 4840 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:02:53.0536 4840 AsyncMac - ok

21:02:53.0603 4840 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:02:53.0604 4840 atapi - ok

21:02:53.0692 4840 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys

21:02:53.0694 4840 avgntflt - ok

21:02:53.0726 4840 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys

21:02:53.0728 4840 avipbb - ok

21:02:53.0755 4840 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys

21:02:53.0756 4840 avkmgr - ok

21:02:53.0815 4840 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

21:02:53.0836 4840 b06bdrv - ok

21:02:53.0880 4840 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:02:53.0894 4840 b57nd60a - ok

21:02:54.0020 4840 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys

21:02:54.0060 4840 BCM43XX - ok

21:02:54.0174 4840 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:02:54.0179 4840 Beep - ok

21:02:54.0240 4840 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:02:54.0250 4840 blbdrive - ok

21:02:54.0341 4840 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:02:54.0352 4840 bowser - ok

21:02:54.0379 4840 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:02:54.0385 4840 BrFiltLo - ok

21:02:54.0406 4840 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:02:54.0413 4840 BrFiltUp - ok

21:02:54.0453 4840 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:02:54.0472 4840 Brserid - ok

21:02:54.0499 4840 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:02:54.0506 4840 BrSerWdm - ok

21:02:54.0533 4840 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:02:54.0540 4840 BrUsbMdm - ok

21:02:54.0550 4840 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:02:54.0555 4840 BrUsbSer - ok

21:02:54.0598 4840 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

21:02:54.0606 4840 BTHMODEM - ok

21:02:54.0681 4840 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:02:54.0690 4840 cdfs - ok

21:02:54.0764 4840 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:02:54.0777 4840 cdrom - ok

21:02:54.0821 4840 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

21:02:54.0831 4840 circlass - ok

21:02:54.0883 4840 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:02:54.0889 4840 CLFS - ok

21:02:54.0985 4840 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

21:02:54.0990 4840 CmBatt - ok

21:02:55.0043 4840 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:02:55.0049 4840 cmdide - ok

21:02:55.0113 4840 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

21:02:55.0137 4840 CNG - ok

21:02:55.0190 4840 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

21:02:55.0197 4840 Compbatt - ok

21:02:55.0259 4840 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

21:02:55.0268 4840 CompositeBus - ok

21:02:55.0308 4840 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

21:02:55.0316 4840 crcdisk - ok

21:02:55.0441 4840 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:02:55.0452 4840 DfsC - ok

21:02:55.0491 4840 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:02:55.0493 4840 discache - ok

21:02:55.0537 4840 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

21:02:55.0546 4840 Disk - ok

21:02:55.0602 4840 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:02:55.0606 4840 drmkaud - ok

21:02:55.0682 4840 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

21:02:55.0687 4840 dtsoftbus01 - ok

21:02:55.0760 4840 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:02:55.0790 4840 DXGKrnl - ok

21:02:55.0907 4840 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

21:02:55.0969 4840 ebdrv - ok

21:02:56.0105 4840 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

21:02:56.0126 4840 elxstor - ok

21:02:56.0163 4840 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:02:56.0170 4840 ErrDev - ok

21:02:56.0223 4840 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:02:56.0244 4840 exfat - ok

21:02:56.0271 4840 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:02:56.0282 4840 fastfat - ok

21:02:56.0317 4840 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

21:02:56.0324 4840 fdc - ok

21:02:56.0368 4840 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:02:56.0378 4840 FileInfo - ok

21:02:56.0395 4840 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:02:56.0404 4840 Filetrace - ok

21:02:56.0435 4840 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

21:02:56.0441 4840 flpydisk - ok

21:02:56.0488 4840 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:02:56.0505 4840 FltMgr - ok

21:02:56.0545 4840 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:02:56.0554 4840 FsDepends - ok

21:02:56.0576 4840 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:02:56.0586 4840 Fs_Rec - ok

21:02:56.0644 4840 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:02:56.0649 4840 fvevol - ok

21:02:56.0706 4840 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

21:02:56.0715 4840 gagp30kx - ok

21:02:56.0755 4840 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:02:56.0762 4840 GEARAspiWDM - ok

21:02:56.0822 4840 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:02:56.0830 4840 hcw85cir - ok

21:02:56.0881 4840 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

21:02:56.0899 4840 HdAudAddService - ok

21:02:56.0948 4840 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

21:02:56.0952 4840 HDAudBus - ok

21:02:56.0974 4840 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

21:02:56.0984 4840 HidBatt - ok

21:02:57.0020 4840 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

21:02:57.0029 4840 HidBth - ok

21:02:57.0075 4840 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

21:02:57.0085 4840 HidIr - ok

21:02:57.0124 4840 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

21:02:57.0131 4840 HidUsb - ok

21:02:57.0193 4840 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:02:57.0202 4840 HpSAMD - ok

21:02:57.0257 4840 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:02:57.0272 4840 HTTP - ok

21:02:57.0317 4840 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:02:57.0320 4840 hwpolicy - ok

21:02:57.0348 4840 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

21:02:57.0359 4840 i8042prt - ok

21:02:57.0427 4840 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:02:57.0448 4840 iaStorV - ok

21:02:57.0773 4840 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys

21:02:58.0076 4840 igfx - ok

21:02:58.0193 4840 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

21:02:58.0201 4840 iirsp - ok

21:02:58.0267 4840 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:02:58.0274 4840 intelide - ok

21:02:58.0301 4840 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:02:58.0303 4840 intelppm - ok

21:02:58.0355 4840 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:02:58.0364 4840 IpFilterDriver - ok

21:02:58.0389 4840 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:02:58.0402 4840 IPMIDRV - ok

21:02:58.0435 4840 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:02:58.0446 4840 IPNAT - ok

21:02:58.0497 4840 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:02:58.0502 4840 IRENUM - ok

21:02:58.0550 4840 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:02:58.0558 4840 isapnp - ok

21:02:58.0592 4840 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:02:58.0608 4840 iScsiPrt - ok

21:02:58.0634 4840 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

21:02:58.0644 4840 kbdclass - ok

21:02:58.0702 4840 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

21:02:58.0709 4840 kbdhid - ok

21:02:58.0763 4840 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

21:02:58.0774 4840 KSecDD - ok

21:02:58.0799 4840 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

21:02:58.0813 4840 KSecPkg - ok

21:02:58.0847 4840 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:02:58.0854 4840 ksthunk - ok

21:02:58.0914 4840 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:02:58.0922 4840 lltdio - ok

21:02:58.0973 4840 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

21:02:58.0984 4840 LSI_FC - ok

21:02:59.0017 4840 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

21:02:59.0027 4840 LSI_SAS - ok

21:02:59.0057 4840 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:02:59.0069 4840 LSI_SAS2 - ok

21:02:59.0095 4840 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:02:59.0107 4840 LSI_SCSI - ok

21:02:59.0139 4840 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:02:59.0142 4840 luafv - ok

21:02:59.0203 4840 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

21:02:59.0213 4840 megasas - ok

21:02:59.0245 4840 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

21:02:59.0260 4840 MegaSR - ok

21:02:59.0299 4840 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:02:59.0306 4840 Modem - ok

21:02:59.0366 4840 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:02:59.0367 4840 monitor - ok

21:02:59.0413 4840 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

21:02:59.0422 4840 mouclass - ok

21:02:59.0451 4840 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:02:59.0461 4840 mouhid - ok

21:02:59.0507 4840 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:02:59.0510 4840 mountmgr - ok

21:02:59.0557 4840 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:02:59.0579 4840 mpio - ok

21:02:59.0619 4840 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:02:59.0629 4840 mpsdrv - ok

21:02:59.0752 4840 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

21:02:59.0759 4840 MREMP50 - ok

21:02:59.0814 4840 MREMP50a64 - ok

21:02:59.0824 4840 MREMPR5 - ok

21:02:59.0832 4840 MRENDIS5 - ok

21:02:59.0879 4840 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

21:02:59.0884 4840 MRESP50 - ok

21:02:59.0891 4840 MRESP50a64 - ok

21:03:00.0015 4840 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:03:00.0028 4840 MRxDAV - ok

21:03:00.0072 4840 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:03:00.0083 4840 mrxsmb - ok

21:03:00.0140 4840 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:03:00.0154 4840 mrxsmb10 - ok

21:03:00.0180 4840 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:03:00.0190 4840 mrxsmb20 - ok

21:03:00.0233 4840 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:03:00.0234 4840 msahci - ok

21:03:00.0297 4840 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:03:00.0309 4840 msdsm - ok

21:03:00.0367 4840 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:03:00.0375 4840 Msfs - ok

21:03:00.0399 4840 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:03:00.0403 4840 mshidkmdf - ok

21:03:00.0428 4840 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:03:00.0438 4840 msisadrv - ok

21:03:00.0491 4840 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:03:00.0497 4840 MSKSSRV - ok

21:03:00.0521 4840 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:03:00.0525 4840 MSPCLOCK - ok

21:03:00.0543 4840 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:03:00.0549 4840 MSPQM - ok

21:03:00.0607 4840 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:03:00.0626 4840 MsRPC - ok

21:03:00.0678 4840 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

21:03:00.0679 4840 mssmbios - ok

21:03:00.0719 4840 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:03:00.0724 4840 MSTEE - ok

21:03:00.0753 4840 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

21:03:00.0760 4840 MTConfig - ok

21:03:00.0788 4840 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:03:00.0800 4840 Mup - ok

21:03:00.0847 4840 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:03:00.0880 4840 NativeWifiP - ok

21:03:00.0958 4840 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:03:00.0974 4840 NDIS - ok

21:03:01.0004 4840 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:03:01.0012 4840 NdisCap - ok

21:03:01.0053 4840 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:03:01.0059 4840 NdisTapi - ok

21:03:01.0107 4840 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:03:01.0115 4840 Ndisuio - ok

21:03:01.0172 4840 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:03:01.0185 4840 NdisWan - ok

21:03:01.0230 4840 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

21:03:01.0240 4840 NDProxy - ok

21:03:01.0291 4840 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:03:01.0299 4840 NetBIOS - ok

21:03:01.0352 4840 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

21:03:01.0358 4840 NetBT - ok

21:03:01.0434 4840 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

21:03:01.0443 4840 nfrd960 - ok

21:03:01.0491 4840 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:03:01.0498 4840 Npfs - ok

21:03:01.0518 4840 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:03:01.0520 4840 nsiproxy - ok

21:03:01.0614 4840 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

21:03:01.0657 4840 Ntfs - ok

21:03:01.0683 4840 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:03:01.0691 4840 Null - ok

21:03:01.0741 4840 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

21:03:01.0753 4840 nvraid - ok

21:03:01.0776 4840 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

21:03:01.0787 4840 nvstor - ok

21:03:01.0812 4840 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:03:01.0827 4840 nv_agp - ok

21:03:01.0853 4840 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:03:01.0864 4840 ohci1394 - ok

21:03:01.0896 4840 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

21:03:01.0906 4840 Parport - ok

21:03:01.0955 4840 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

21:03:01.0966 4840 partmgr - ok

21:03:02.0078 4840 pbfilter (7c0582921913d00180ec2b8518ba135c) C:\Program Files\PeerBlock\pbfilter.sys

21:03:02.0086 4840 pbfilter - ok

21:03:02.0139 4840 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

21:03:02.0156 4840 pci - ok

21:03:02.0177 4840 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:03:02.0183 4840 pciide - ok

21:03:02.0228 4840 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

21:03:02.0244 4840 pcmcia - ok

21:03:02.0263 4840 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:03:02.0276 4840 pcw - ok

21:03:02.0307 4840 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:03:02.0361 4840 PEAUTH - ok

21:03:02.0652 4840 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

21:03:02.0656 4840 PptpMiniport - ok

21:03:02.0677 4840 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

21:03:02.0688 4840 Processor - ok

21:03:02.0759 4840 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

21:03:02.0763 4840 Psched - ok

21:03:02.0838 4840 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

21:03:02.0873 4840 ql2300 - ok

21:03:02.0912 4840 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

21:03:02.0925 4840 ql40xx - ok

21:03:02.0951 4840 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:03:02.0959 4840 QWAVEdrv - ok

21:03:02.0983 4840 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:03:02.0988 4840 RasAcd - ok

21:03:03.0044 4840 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:03:03.0065 4840 RasAgileVpn - ok

21:03:03.0117 4840 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:03:03.0120 4840 Rasl2tp - ok

21:03:03.0146 4840 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:03:03.0148 4840 RasPppoe - ok

21:03:03.0166 4840 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:03:03.0177 4840 RasSstp - ok

21:03:03.0233 4840 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

21:03:03.0257 4840 rdbss - ok

21:03:03.0276 4840 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

21:03:03.0283 4840 rdpbus - ok

21:03:03.0316 4840 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:03:03.0317 4840 RDPCDD - ok

21:03:03.0356 4840 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:03:03.0358 4840 RDPENCDD - ok

21:03:03.0373 4840 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:03:03.0376 4840 RDPREFMP - ok

21:03:03.0416 4840 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

21:03:03.0428 4840 RDPWD - ok

21:03:03.0488 4840 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

21:03:03.0504 4840 rdyboost - ok

21:03:03.0569 4840 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:03:03.0578 4840 rspndr - ok

21:03:03.0690 4840 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

21:03:03.0692 4840 SASDIFSV - ok

21:03:03.0723 4840 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

21:03:03.0724 4840 SASKUTIL - ok

21:03:03.0781 4840 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

21:03:03.0791 4840 sbp2port - ok

21:03:03.0837 4840 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys

21:03:03.0848 4840 SCDEmu - ok

21:03:03.0895 4840 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

21:03:03.0903 4840 scfilter - ok

21:03:03.0965 4840 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:03:03.0972 4840 secdrv - ok

21:03:04.0021 4840 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

21:03:04.0032 4840 Serenum - ok

21:03:04.0071 4840 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

21:03:04.0081 4840 Serial - ok

21:03:04.0129 4840 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

21:03:04.0136 4840 sermouse - ok

21:03:04.0222 4840 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

21:03:04.0228 4840 sffdisk - ok

21:03:04.0257 4840 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:03:04.0263 4840 sffp_mmc - ok

21:03:04.0285 4840 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

21:03:04.0295 4840 sffp_sd - ok

21:03:04.0320 4840 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

21:03:04.0325 4840 sfloppy - ok

21:03:04.0391 4840 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:03:04.0401 4840 SiSRaid2 - ok

21:03:04.0434 4840 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

21:03:04.0443 4840 SiSRaid4 - ok

21:03:04.0492 4840 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:03:04.0502 4840 Smb - ok

21:03:04.0551 4840 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:03:04.0559 4840 spldr - ok

21:03:04.0634 4840 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

21:03:04.0658 4840 srv - ok

21:03:04.0686 4840 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

21:03:04.0712 4840 srv2 - ok

21:03:04.0737 4840 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

21:03:04.0752 4840 srvnet - ok

21:03:04.0820 4840 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

21:03:04.0831 4840 ssadbus - ok

21:03:04.0866 4840 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

21:03:04.0873 4840 ssadmdfl - ok

21:03:04.0912 4840 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

21:03:04.0929 4840 ssadmdm - ok

21:03:04.0985 4840 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

21:03:04.0993 4840 stexstor - ok

21:03:05.0057 4840 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

21:03:05.0063 4840 swenum - ok

21:03:05.0136 4840 SynasUSB (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys

21:03:05.0144 4840 SynasUSB - ok

21:03:05.0280 4840 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

21:03:05.0335 4840 Tcpip - ok

21:03:05.0400 4840 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

21:03:05.0419 4840 TCPIP6 - ok

21:03:05.0471 4840 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

21:03:05.0479 4840 tcpipreg - ok

21:03:05.0536 4840 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:03:05.0542 4840 TDPIPE - ok

21:03:05.0564 4840 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:03:05.0570 4840 TDTCP - ok

21:03:05.0625 4840 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

21:03:05.0635 4840 tdx - ok

21:03:05.0679 4840 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

21:03:05.0688 4840 TermDD - ok

21:03:05.0767 4840 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:03:05.0775 4840 tssecsrv - ok

21:03:05.0836 4840 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

21:03:05.0847 4840 TsUsbFlt - ok

21:03:05.0913 4840 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

21:03:05.0916 4840 tunnel - ok

21:03:05.0954 4840 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

21:03:05.0964 4840 uagp35 - ok

21:03:06.0016 4840 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

21:03:06.0034 4840 udfs - ok

21:03:06.0112 4840 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:03:06.0121 4840 uliagpkx - ok

21:03:06.0148 4840 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

21:03:06.0159 4840 umbus - ok

21:03:06.0180 4840 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

21:03:06.0186 4840 UmPass - ok

21:03:06.0251 4840 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

21:03:06.0266 4840 usbaudio - ok

21:03:06.0284 4840 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

21:03:06.0295 4840 usbccgp - ok

21:03:06.0368 4840 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:03:06.0387 4840 usbcir - ok

21:03:06.0408 4840 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

21:03:06.0418 4840 usbehci - ok

21:03:06.0466 4840 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

21:03:06.0471 4840 usbhub - ok

21:03:06.0495 4840 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

21:03:06.0502 4840 usbohci - ok

21:03:06.0527 4840 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:03:06.0536 4840 usbprint - ok

21:03:06.0587 4840 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:03:06.0601 4840 USBSTOR - ok

21:03:06.0615 4840 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

21:03:06.0621 4840 usbuhci - ok

21:03:06.0653 4840 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:03:06.0662 4840 vdrvroot - ok

21:03:06.0703 4840 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:03:06.0711 4840 vga - ok

21:03:06.0734 4840 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:03:06.0740 4840 VgaSave - ok

21:03:06.0791 4840 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

21:03:06.0810 4840 vhdmp - ok

21:03:06.0838 4840 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:03:06.0845 4840 viaide - ok

21:03:06.0884 4840 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

21:03:06.0895 4840 volmgr - ok

21:03:06.0954 4840 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

21:03:06.0961 4840 volmgrx - ok

21:03:06.0986 4840 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

21:03:07.0006 4840 volsnap - ok

21:03:07.0046 4840 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

21:03:07.0061 4840 vsmraid - ok

21:03:07.0082 4840 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:03:07.0090 4840 vwifibus - ok

21:03:07.0122 4840 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:03:07.0131 4840 vwififlt - ok

21:03:07.0226 4840 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\Windows\system32\DRIVERS\VX3000.sys

21:03:07.0272 4840 VX3000 - ok

21:03:07.0337 4840 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

21:03:07.0345 4840 WacomPen - ok

21:03:07.0401 4840 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:03:07.0413 4840 WANARP - ok

21:03:07.0420 4840 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:03:07.0422 4840 Wanarpv6 - ok

21:03:07.0488 4840 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

21:03:07.0495 4840 Wd - ok

21:03:07.0532 4840 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:03:07.0556 4840 Wdf01000 - ok

21:03:07.0628 4840 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:03:07.0634 4840 WfpLwf - ok

21:03:07.0665 4840 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:03:07.0673 4840 WIMMount - ok

21:03:07.0769 4840 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

21:03:07.0779 4840 WinUsb - ok

21:03:07.0836 4840 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:03:07.0837 4840 WmiAcpi - ok

21:03:07.0906 4840 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:03:07.0913 4840 ws2ifsl - ok

21:03:07.0981 4840 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:03:07.0994 4840 WudfPf - ok

21:03:08.0023 4840 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:03:08.0026 4840 WUDFRd - ok

21:03:08.0104 4840 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

21:03:08.0112 4840 yukonw7 - ok

21:03:08.0135 4840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:03:08.0202 4840 \Device\Harddisk0\DR0 - ok

21:03:08.0213 4840 Boot (0x1200) (b72a1e11af2ee96484ad1b683e714018) \Device\Harddisk0\DR0\Partition0

21:03:08.0215 4840 \Device\Harddisk0\DR0\Partition0 - ok

21:03:08.0234 4840 Boot (0x1200) (ed2f67783ce11bafa0cc8237f1eef91e) \Device\Harddisk0\DR0\Partition1

21:03:08.0235 4840 \Device\Harddisk0\DR0\Partition1 - ok

21:03:08.0257 4840 Boot (0x1200) (2b0b4afb3e6fe21ba494267f2759ce79) \Device\Harddisk0\DR0\Partition2

21:03:08.0259 4840 \Device\Harddisk0\DR0\Partition2 - ok

21:03:08.0260 4840 ============================================================

21:03:08.0260 4840 Scan finished

21:03:08.0260 4840 ============================================================

21:03:08.0287 5100 Detected object count: 0

21:03:08.0287 5100 Actual detected object count: 0

 

 

 

 

 

 

 

 

C:\Program Files (x86)\FastPCTweaker\FastPCTweaker.exe a variant of Win32/Adware.Topckit application cleaned by deleting - quarantined

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined

D:\Users\Michael\Downloads\FastPCTweaker_Install.exe a variant of Win32/Adware.Topckit application deleted - quarantined

D:\Users\Michael\Downloads\PDFCreator-1_2_1_setup.exe Win32/OpenCandy application deleted - quarantined

D:\Users\Michael\Downloads\PDFCreator-1_2_2_setup.exe Win32/OpenCandy application deleted - quarantined

D:\Users\Michael\Downloads\PDFCreator-1_2_3_setup.exe multiple threats deleted - quarantined

Share this post


Link to post
Share on other sites

Good. Please give me a status report. How does the PC seem now? Any remaining problems or puzzles?

 

It's late - I'll be back to you tomorrow.

Share this post


Link to post
Share on other sites

Well it seems to be running ok, I haven't noticed any really major issues, but I did a quick test comparing page loading and streaming buffer speeds of my computer and my roomate's computer (running Ubuntu) and I'm still having the problem of extremely slow streaming video. Loading a website takes slightly longer on this computer but not really enough to be very concerning, but for some reason when I stream videos it takes a really long time to load them - if they are HD it can an hour or more to load a 40-minute video. also, after all of this I opened Chrome browser for the first time in a few days and the homepage was set to mystart.incredibar.com. I changed the settings back to default which worked, but I'm wondering if there isn't something else going on here.

 

 

Thanks again for your help.

Share this post


Link to post
Share on other sites

Yes, we need to locate and remove the Incredibar and other pests now that we have established that there doesn't seem to be a rootkit. The ESET removals are interesting. FastPCTweaker has a bad reputation, but PDFCreator is fine and your copy must have gotten infected.

 

Are all videos slow, or is it just from one particular site?

 

Please run OTL:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy the contents of these files, one at a time, and post with your next two replies.

Share this post


Link to post
Share on other sites

It didn't create an Extras.txt but here is the OTL.txt log:

 

OTL logfile created on: 2/19/2012 12:51:37 PM - Run 2

OTL by OldTimer - Version 3.2.33.0 Folder = D:\Users\Michael\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.96 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.90% Memory free

15.96 Gb Paging File | 13.76 Gb Available in Paging File | 86.22% Paging File free

Paging file location(s): c:\pagefile.sys 12288 12288 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 79.90 Gb Total Space | 22.98 Gb Free Space | 28.76% Space Free | Partition Type: NTFS

Drive D: | 218.09 Gb Total Space | 37.84 Gb Free Space | 17.35% Space Free | Partition Type: NTFS

 

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - D:\Users\Michael\Desktop\OTL(1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\Alertus Technologies\Alertus Desktop Alert\AlertusDesktopAlert.exe (Alertus Technologies)

PRC - C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)

PRC - C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)

PRC - C:\Program Files (x86)\Bell\Internet Service Advisor\BISAComHandler.exe (Radialpoint Inc.)

PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)

PRC - C:\Users\Michael\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)

PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe (Alcatel-Lucent)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files (x86)\Bell\Internet Service Advisor\Windows7Features.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (ServicepointService) -- C:\Program Files (x86)\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)

SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)

DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)

DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)

DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://go.microsoft.com/fwlink/?linkid=69157 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6PQoDgyRgM&i=26

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 61 CB 3C B9 77 CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81

FF - prefs.js..extensions.enabledItems: info@bab.la:2.0.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll File not found

FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll (Bell)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 14:24:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/19 00:58:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/16 14:44:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/02/18 20:59:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/01/16 14:44:17 | 000,000,000 | ---D | M]

 

[2011/02/23 18:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions

[2011/02/23 18:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/02/23 18:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/02/16 20:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\extensions

[2011/02/23 18:53:44 | 000,001,587 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\searchplugins\dictionary---referencecom.xml

[2011/02/23 18:54:55 | 000,004,855 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\searchplugins\google-images.xml

[2011/03/04 22:48:32 | 000,005,551 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\searchplugins\google-maps.xml

[2011/02/23 18:56:08 | 000,001,504 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\searchplugins\imdb.xml

[2011/02/27 02:12:19 | 000,004,140 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\pnu9htau.default\searchplugins\youtube.xml

[2012/02/19 00:58:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/11 19:40:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/02/19 00:58:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012/02/12 14:24:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNU9HTAU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

() (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNU9HTAU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/02/19 00:58:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll

[2012/02/17 15:28:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/01/03 08:10:44 | 000,182,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2011/08/21 11:44:52 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2011/08/21 11:44:53 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2011/10/04 10:08:45 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2011/10/04 10:08:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/10/04 10:08:45 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/10/04 10:08:45 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/10/04 10:08:45 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2011/10/04 10:08:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml

[2011/10/04 10:08:44 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Bell Internet Service Advisor (Enabled) = C:\Program Files (x86)\Bell\Internet Service Advisor\nprpspa.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\

CHR - Extension: Premiumplay Codec-C = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.14.36_0\

CHR - Extension: Skype Click to Call = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found

O4:64bit: - HKLM..\Run: [bellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe (Alcatel-Lucent)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [bISA.exe] C:\Program Files (x86)\Bell\Internet Service Advisor\BISA.exe (Bell)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe ()

O4 - HKCU..\Run: [Google Update] C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [WeatherEye] C:\Users\Michael\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD4017D7-63EE-4154-9CDD-B396475BB7D4}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{83c04eed-fde4-11e0-afe7-0025647c8ac7}\Shell - "" = AutoRun

O33 - MountPoints2\{83c04eed-fde4-11e0-afe7-0025647c8ac7}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\I\Shell - "" = AutoRun

O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/19 12:49:12 | 000,583,680 | ---- | C] (OldTimer Tools) -- D:\Users\Michael\Desktop\OTL(1).exe

[2012/02/18 21:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/18 21:05:52 | 002,322,184 | ---- | C] (ESET) -- D:\Users\Michael\Desktop\esetsmartinstaller_enu.exe

[2012/02/18 20:48:15 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\Michael\Desktop\randomname.com.exe

[2012/02/18 20:44:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/02/18 20:44:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/02/18 20:44:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/02/18 20:44:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/02/18 20:44:11 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/02/18 20:44:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/02/18 20:44:11 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/02/18 20:44:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/02/18 20:44:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/02/18 20:44:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/02/18 20:44:11 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/02/18 20:44:11 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/02/18 20:44:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/02/18 20:44:11 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/02/18 20:44:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/02/18 20:44:11 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/02/18 20:44:11 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/02/18 20:44:11 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/02/18 20:44:11 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/02/18 20:44:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/02/18 20:44:11 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/02/18 20:44:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/02/18 20:44:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/02/18 20:44:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/02/18 20:44:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/02/18 20:44:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/02/18 20:44:11 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/02/18 20:44:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/02/18 20:44:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/02/18 20:44:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/02/18 20:44:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/02/18 20:44:11 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/02/18 20:44:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/02/18 20:44:10 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/02/18 20:44:10 | 001,493,504 | ---- | C]

Share this post


Link to post
Share on other sites

To answer your question, it's not limited to one site. Strangely Youtube and Vimeo now seem to be working OK when they weren't before, but other sites that use for example the DivX player or JWplayer, or any of the hosting sites linked to on Dramacrazy.net, or Dramafever.com are all still very slow.

Share this post


Link to post
Share on other sites

The slow streaming is most likely caused by DivX Plus Web Player.

Please first create a Restore Point.

 

Bring up OTL (don't run it just yet).

 

In the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 14:24:54 | 000,000,000 | ---D | M]

[2012/02/12 14:24:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incre...6PQoDgyRgM&i=26

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found

@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:6387AA6C

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

:Files

C:\Program Files (x86)\Vuze_Remote

C:\Program Files (x86)\Astroburn Toolbar

:Commands

[EMPTYTEMP]

[CREATERESTOREPOINT]

Close other windows.

Then click the red 'Run Fix' button (not the Run Scan).

 

Post the log OTL.TXT in your reply.

Share this post


Link to post
Share on other sites

Here is the log which showed up following the reboot:

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.

C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 not found.

C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content\images folder moved successfully.

C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content folder moved successfully.

C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome folder moved successfully.

C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 folder moved successfully.

File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_TW folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_CN folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\pt_BR folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\ja folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\fr folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\es folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\en folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\de folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\images folder moved successfully.

C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0 folder moved successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll moved successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.

File C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll not found.

64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.

ADS C:\ProgramData\TEMP:07BF512B deleted successfully.

ADS C:\ProgramData\TEMP:6387AA6C deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

========== FILES ==========

C:\Program Files (x86)\Vuze_Remote folder moved successfully.

C:\Program Files (x86)\Astroburn Toolbar folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Michael

->Temp folder emptied: 2108288730 bytes

->Temporary Internet Files folder emptied: 43716935 bytes

->Java cache emptied: 1671706 bytes

->FireFox cache emptied: 280231902 bytes

->Google Chrome cache emptied: 26336814 bytes

->Flash cache emptied: 4273 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 355292 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 4561 bytes

 

Total Files Cleaned = 2,347.00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.33.0 log created on 02192012_162120

 

Files\Folders moved on Reboot...

C:\Users\Michael\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Very good. That should have taken care of IncrediBar. How's the streaming video now? Make sure your DivX is up to date.

Share this post


Link to post
Share on other sites

Ok glad the incredibar thing is taken care of, thanks.

 

The streaming video problem is still there, I downloaded and installed the latest version of DivX web player but the videos are still not loading. I'm now getting messages saying "DivX web player could not download the video, please check your internet connection." Maybe it's not a malware problem? I just doubt it's a problem with my internet connection since web pages are loading at a normal speed. Other web players like JWplayer are loading videos just very slowly, so that I have to pause the video and wait 10-15 minutes for it to load even partially.

Share this post


Link to post
Share on other sites

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Share this post


Link to post
Share on other sites

Here is the FSS log:

 

 

 

Farbar Service Scanner Version: 14-02-2012

Ran by Michael (administrator) on 19-02-2012 at 22:23:47

Running from "D:\Users\Michael\Downloads"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Security Center:

============

 

Windows Update:

============

 

Windows Defender:

==============

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys

[2012-02-16 00:33] - [2011-12-27 22:59] - 0498688 ____A (Microsoft Corporation) 1C7857B62DE5994A75B054A9FD4C3825

 

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

Share this post


Link to post
Share on other sites

I don't know much about streaming media. What happens if you disable those web players and just use Windows Media Player?

You have all these:

Windows Media Player

DivX Plus Web Player

DivX VOD Helper

Adobe Flash player

PepperFlash

You mention JWPlayer but I do not see it in the logs.

Share this post


Link to post
Share on other sites

I tried disabling the others and just using Windows Media Player but it doesn't seem to have done anything, the videos still load but extremely slowly. I don't know much about JWPlayer - I didn't download it but some streaming sites have videos that play and have "JWPlayer" as an icon in the bottom left of the video.

 

What is PepperFlash? I don't think I've ever heard of that before.

 

at any rate this problem may be totally unrelated to malware and the address bar redirect problem seems to have been completely fixed.

Share this post


Link to post
Share on other sites

Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.