Redirect Virus


This topic is locked
4 replies to this topic

#1 BTPatrick

    Newbie

  • Members
  • 2 posts

Posted 02 August 2011 - 07:53 PM

It seems that yesterday I picked up a stubborn search-redirect virus. The redirects don't have any kind of consistency, and are throwing me at other search engines, the yellow pages, StopZilla... you name it.

Yesterday, I did a system scan with Ad-Aware - the result was "Objects Found: 1" but also "Objects Allowed: 1" ... that object was called MyWebSearch. After a quick search, I saw that this was related, so I manually removed it. Things instantly seemed back to normal. I restarted the computer, and things were still working well. However, this morning I found the redirects were back and Ad-Aware is no longer finding any issues, nor is my antivirus.

I hope someone can help me out here - thanks in advance!

_________________________________________________________________


OTL logfile created on: 8/2/2011 2:34:22 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\cheesewallet\Downloads
64bit-Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 57.33% Memory free
8.20 Gb Paging File | 6.38 Gb Available in Paging File | 77.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 14.94 Gb Free Space | 10.03% Space Free | Partition Type: NTFS
Drive D: | 6.99 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: CHEESEWALLET-PC | User Name: cheesewallet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cheesewallet\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)


========== Modules (SafeList) ==========

MOD - C:\Users\cheesewallet\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (MRV6X64P) -- C:\Windows\SysNative\DRIVERS\MRVW13C.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F3 AF E7 16 5F 1E 68 44 8C 74 ED A2 AA F9 0B AF [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0c12a885-30cb-48b8-8536-0d3246944bc4}:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/12 06:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/15 01:41:54 | 000,000,000 | ---D | M]

[2009/03/08 22:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cheesewallet\AppData\Roaming\Mozilla\Extensions
[2009/03/08 22:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cheesewallet\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/02 06:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cheesewallet\AppData\Roaming\Mozilla\Firefox\Profiles\uw0mdg86.default\extensions
[2011/07/29 12:00:02 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\cheesewallet\AppData\Roaming\Mozilla\Firefox\Profiles\uw0mdg86.default\extensions\{0c12a885-30cb-48b8-8536-0d3246944bc4}
[2011/08/02 06:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 10:53:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/07 10:53:05 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {16E7AFF3-1E5F-4468-8C74-EDA2AAF90BAf} - File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [smss32.exe] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries00000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries00000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\winlogon32.exe) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/25 00:56:52 | 000,000,046 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3c296b44-a3ad-11dd-b2e6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3c296b44-a3ad-11dd-b2e6-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010/05/25 00:56:52 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/02 14:26:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/08/02 05:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/02 05:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/07/29 12:38:52 | 000,000,000 | ---D | C] -- C:\Users\cheesewallet\riotsGamesLogs
[2011/07/29 12:28:03 | 000,000,000 | ---D | C] -- C:\Users\cheesewallet\AppData\Roaming\LolClient
[2011/07/29 11:11:15 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/07/29 11:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/07/29 02:00:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LoL
[2011/07/29 01:59:25 | 000,000,000 | ---D | C] -- C:\Users\cheesewallet\AppData\Local\PMB Files
[2011/07/29 01:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/02 13:39:20 | 000,004,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 13:39:20 | 000,004,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/02 05:45:51 | 000,755,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/02 05:45:51 | 000,640,102 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/02 05:45:51 | 000,118,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/02 05:40:12 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/08/02 05:40:12 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/08/02 05:39:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/02 05:39:16 | 4294,238,208 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/02 05:14:15 | 000,055,384 | ---- | M] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/02 05:14:13 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/02 05:11:38 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/29 13:50:39 | 000,100,932 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/29 12:00:04 | 000,000,066 | ---- | M] () -- C:\Windows\SysWow64\1622392591
[2011/07/29 11:17:02 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/07/28 12:09:40 | 000,000,373 | ---- | M] () -- C:\Windows\SysWow64\parser_settings.ini
[2011/07/21 14:59:08 | 000,069,376 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/07/13 03:23:06 | 000,251,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/07 00:39:57 | 004,458,607 | ---- | M] () -- C:\Windows\SysWow64\RJParser.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/02 05:27:26 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2011/08/02 05:14:25 | 000,055,384 | ---- | C] () -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/02 05:11:38 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/08/02 05:11:29 | 000,069,376 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2011/07/29 13:50:39 | 000,100,932 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/07/29 12:00:02 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\1622392591
[2011/07/29 11:17:02 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/07/13 01:51:47 | 001,208,832 | ---- | C] () -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 01:51:43 | 002,762,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2011/07/13 01:51:40 | 000,450,048 | ---- | C] () -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 01:51:40 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\csrsrv.dll
[2011/05/25 00:41:59 | 000,000,373 | ---- | C] () -- C:\Windows\SysWow64\parser_settings.ini
[2011/05/24 22:12:55 | 004,458,607 | ---- | C] () -- C:\Windows\SysWow64\RJParser.exe
[2011/04/09 22:34:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/01 00:54:12 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/12/28 12:23:18 | 000,743,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/13 15:55:03 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/03/13 15:55:03 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/03/13 15:37:47 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009/08/31 22:25:47 | 000,007,680 | ---- | C] () -- C:\Users\cheesewallet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/25 00:41:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/11/03 04:00:27 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/11/03 04:00:27 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/30 00:21:54 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/30 00:21:18 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/10/26 15:34:49 | 000,000,732 | ---- | C] () -- C:\Users\cheesewallet\AppData\Local\d3d9caps64.dat
[2006/11/02 11:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2010/11/19 12:31:59 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\.purple
[2008/10/26 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\acccore
[2011/07/10 11:56:25 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\BitTorrent
[2011/02/13 20:55:40 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\EVEMon
[2009/09/27 01:20:05 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\FileZilla
[2010/10/04 18:08:54 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\gtk-2.0
[2010/10/25 04:38:40 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\LimeWire
[2011/07/29 12:28:03 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\LolClient
[2008/10/26 16:27:58 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\OpenOffice.org
[2011/04/06 05:43:36 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\RIFT
[2010/03/13 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\SystemRequirementsLab
[2011/02/22 23:37:55 | 000,000,000 | ---D | M] -- C:\Users\cheesewallet\AppData\Roaming\TS3Client
[2011/08/02 05:38:12 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


_________________________________________________________________



OTL Extras logfile created on: 8/2/2011 2:34:22 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\cheesewallet\Downloads

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 5C 16 5D 01 12 3B C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-879222449-37799885-543944721-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4CF77B72-7F3B-4BA2-BA78-16583EA097A5}" = lport=56104 | protocol=6 | dir=in | name=pando media booster |
"{5D413BBE-361D-463D-BA13-72462D876E2B}" = lport=56104 | protocol=17 | dir=in | name=pando media booster |
"{688605D1-D481-43DD-8B28-D8EB7386BE11}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{844EC695-DD4B-488C-81DB-690AAAB93668}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{98E0081D-F9B3-4F9F-8F3F-9F7B4C3F1B14}" = lport=56104 | protocol=6 | dir=in | name=pando media booster |
"{C9B5DB3E-4CC6-4CBC-A550-BFA0E42EC023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D66CFEB9-7FA0-4D65-99E4-D8404833C4E1}" = lport=56104 | protocol=17 | dir=in | name=pando media booster |
"{E3254620-FC18-4690-9777-9F75A059C313}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028D43DC-1F6C-44DB-A693-1979FA83A1F2}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age origins character creator\daoriginslauncher.exe |
"{0ED575A0-1437-4B94-ADD0-B794FA7EAD05}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{10BC10B7-4C75-43E9-B6A6-B16F09E1F43C}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{147FB821-9DD4-4135-A606-1EFD51B20311}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{15E18AF8-8CEA-4B6F-8287-62F1984CBD8A}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"{1B2E2F30-13B8-4B19-A4C9-7B43C0A7EAAF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{1B3A6E93-D298-4F99-88B4-7CB4DC0F0C95}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{22A678D5-76F5-4FA4-BA8E-0F6FB3FDD40F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{24C24557-9A7D-4278-85AC-722F32B020E2}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{27BFB677-4CC2-4583-B61F-52BE30E52ABE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{2A085A89-AE80-453E-A7FB-783241F74B83}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34EFAAC3-9DC5-4D59-93DF-9B96C46019E0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{356AC05E-BBC7-4621-BE60-3A2F71B254A3}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{3832C637-0320-4C69-A350-B1EF5C92F1A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{3DAE571C-8A65-4DE5-9699-6CE6DF04002E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{412F01BE-641A-4D79-BBE5-C5AF4EC92225}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{419948CA-BFCE-43A6-8E2E-9F9DD3F99BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{4294DAB0-0E96-4211-9867-8D369E3731D2}" = protocol=17 | dir=in | app=c:\program files (x86)\evemon\evemon.exe |
"{4A87654B-E3A9-48FB-BB5C-2D15E1A853B4}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{55744D47-F317-481D-8609-AABDDD8A527C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{596E861A-46E8-4364-9410-65BAC3324DB9}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{61244B07-7163-4365-9944-BC95D7D9C2DD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{6BB8AAE6-08C2-4997-B561-3FF4056FE6E0}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{733594BD-0003-41DA-999B-3C16AE9B3161}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{7667A389-B30D-4EBB-940F-BAF171621D62}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{783ABFFF-05A5-4971-AD42-C3576DEC7FEF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7AE067B0-98A9-4334-ADAD-71AAF21C9EC6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7ED3DE55-55B7-4730-BE36-5B08638F4F6B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F72A0BC-5B21-4DDD-84B7-61403E670BC3}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe |
"{8369C5AE-B583-4D2E-832A-6E74980A110B}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{868B25AB-5A4A-49B7-9898-4A873877FB56}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{8D59D352-26B7-4096-8F8D-C47972BD9462}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{9123CBC3-82D9-4CB5-8BED-B7328EB62C8D}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe |
"{9A2D342B-357E-4B7E-99B6-997D6A49B8DD}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age origins character creator\daoriginslauncher.exe |
"{9AB5746C-D44F-4AA4-A3DC-C7CFDFE28480}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{9AF13485-96CF-4291-893D-96C12298CC4A}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{9CD7E82E-09D2-4F9B-800D-E66F5587F062}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe |
"{9DD940BF-0129-4804-BF6D-8E8F33E8C27A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A827D574-A4F7-483D-A602-29B112EB3850}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B008BBDC-3DE1-4E74-B3E0-D3A55613EAAA}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{B368F7C2-4DD7-4D6E-929A-5ACC9F2E0CE0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{B85512CE-3E39-45E0-985E-7B5803D18556}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe |
"{C6C263D8-4CD9-458F-983D-DA20A71F25B4}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{D54E3453-A777-45DF-8754-8016785D6090}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{D6ECBB31-CB3D-4C54-BBE3-E027B97BE396}" = protocol=6 | dir=in | app=c:\program files (x86)\evemon\evemon.exe |
"{E1A83F94-AD12-42B2-860A-5CD05D6D0150}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{E43728B5-45D0-46BE-9269-B87F6AADEB81}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EA9E1FCC-23F7-4D98-9961-D1DB32FD2965}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{F0CD7F14-032A-4A6F-95C9-AD7C4DF27D37}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{F1626333-E8CE-4701-8225-53551D38E2DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2.exe |
"{F3878EA0-368D-4ABF-90F6-6AD56E48FA19}" = protocol=6 | dir=in | app=c:\program files (x86)\avira\antivir desktop\avcenter.exe |
"{F67A2A25-733C-426C-B6E1-EA58CFE59741}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{FDB70E74-150E-4E60-9BFB-0C8E3337B1A2}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{FDB81F15-A3BA-4F51-8FFC-9034FDCA5DD2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"TCP Query User{26442BC8-588E-44FB-9C2B-68AF00713F41}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3271E4EB-48A4-4B04-A870-5BC037EABDB7}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"TCP Query User{41F503B3-8446-4C8F-814E-27F7730CFF71}C:\program files (x86)\starwarsgalaxies\testcenter\swgvoiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starwarsgalaxies\testcenter\swgvoiceservice.exe |
"TCP Query User{42E59DEF-F215-49BA-A30A-B556EB6C6A16}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"TCP Query User{58D5DB02-D35B-4F10-9A46-A61CD5B4A5DF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{675F61A2-1E35-41A3-8974-3674B10CF486}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{683FCDDF-D0CF-406B-A933-F0ED60E3A3ED}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{6A0A851C-E9B6-49EE-9E1A-71C63E7C27B4}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"TCP Query User{73E0D3FE-7F79-4030-AD35-099FD8BAA766}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
"TCP Query User{81D1574B-B7A2-4273-9B06-1B6A4AC3B705}C:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 70bffb60\launcher.exe" = protocol=6 | dir=in | app=c:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 70bffb60\launcher.exe |
"TCP Query User{8435809A-C16D-4E70-95EB-FBBDA438542A}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"TCP Query User{885C6621-9F36-4E73-A973-1DAAFA773D52}C:\program files (x86)\starwarsgalaxies\swgvoiceservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starwarsgalaxies\swgvoiceservice.exe |
"TCP Query User{88E551B4-E360-4B8F-8B85-05D2A7CC64B8}C:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 7467a450\launcher.exe" = protocol=6 | dir=in | app=c:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 7467a450\launcher.exe |
"TCP Query User{BAB6BBF7-9CE5-409A-92FE-8EEF96E91ECF}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"TCP Query User{BB0DC795-FBF6-429E-B3FA-807D1D4E806C}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{CB8341F7-2655-4414-9155-0EA7C22DD7FF}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{D8854ACD-6A20-4577-81BF-0B38ED361B35}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"TCP Query User{F65D4B20-3ABE-434D-A6FF-42351D23C805}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{FF004ECB-3EB7-47E3-B07B-E436897EEFF1}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"UDP Query User{02278899-4299-46F6-8304-BB208D85F2B8}C:\program files (x86)\starwarsgalaxies\swgvoiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starwarsgalaxies\swgvoiceservice.exe |
"UDP Query User{1009591E-55C8-4FA2-BBC3-EF7D7406CAC9}C:\program files (x86)\filezilla ftp client\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
"UDP Query User{222F67DB-9B0B-48B2-8C3D-4CD854335CCB}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"UDP Query User{2C454E95-5116-4E84-9A3C-D2A2764806AF}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{53C96A67-539F-48BA-81B5-E487DC9A5767}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |
"UDP Query User{5A61108C-F5B6-44D6-841A-12F5D2E8978F}C:\program files (x86)\ventsrv\ventrilo_srv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ventsrv\ventrilo_srv.exe |
"UDP Query User{5A999D49-5C84-4EB3-8D98-E34264050CB6}C:\program files (x86)\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"UDP Query User{71C30D19-3C7C-4D05-AF88-26370B310CCF}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{735747A0-E6F1-4246-918F-F79E8DFC48D2}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe |
"UDP Query User{88171F58-B892-4049-9C17-E1FE5FDDDBC7}C:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 70bffb60\launcher.exe" = protocol=17 | dir=in | app=c:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 70bffb60\launcher.exe |
"UDP Query User{8ED4DF49-393B-4239-A2FD-FD11CDF3BB51}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{93FB0538-0249-4C58-8803-BDD2270648CE}C:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 7467a450\launcher.exe" = protocol=17 | dir=in | app=c:\users\cheesewallet\appdata\local\temp\blizzard launcher temporary - 7467a450\launcher.exe |
"UDP Query User{A9C567CA-C97E-4D8A-BB02-346D4FF91CD7}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{AB5F2B9F-B129-4E68-807B-45D81E2FDA01}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{AC0E8504-82C3-469E-8A06-3A083C9C11EA}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{BC2ADA77-795E-402A-A271-59BCCD4FF11A}C:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\neverwinter nights 2\nwn2main.exe |
"UDP Query User{D39B9FEC-F111-4676-A5B6-1B05477312D7}C:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\fallout 3\fallout3.exe |
"UDP Query User{D6028E5D-5614-4A9E-96F1-E1FD42EA8612}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{EED25006-5412-4216-BB97-29C5F88BF72D}C:\program files (x86)\starwarsgalaxies\testcenter\swgvoiceservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starwarsgalaxies\testcenter\swgvoiceservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052B4734-CD9B-468F-B25D-D1E136B2C95A}" = Ad-Aware
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59E04C6D-9EE0-4F70-9358-62108888C719}" = 2010 DR PEPPER EA GAMES EVERY BOTTLE/CUP WINS PROMOTION
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"EA Download Manager" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit Reader" = Foxit Reader
"Guild Wars" = Guild Wars
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PFPortChecker" = PFPortChecker 1.0.39
"Pidgin" = Pidgin
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.4
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/2/2011 1:55:08 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 1:55:08 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:14 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:16 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:16 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:16 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:16 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:13:16 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:15:14 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 8/2/2011 5:15:15 AM | Computer Name = cheesewallet-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 7/2/2011 1:03:18 PM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 7/3/2011 7:35:09 PM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 7/6/2011 3:48:07 AM | Computer Name = cheesewallet-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 7/13/2011 3:23:14 AM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 7/17/2011 2:29:49 PM | Computer Name = cheesewallet-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:10:01 AM on 7/17/2011 was unexpected.

Error - 7/17/2011 2:29:51 PM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 7/19/2011 11:25:15 AM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 8/2/2011 1:54:35 AM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =

Error - 8/2/2011 3:34:56 AM | Computer Name = cheesewallet-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 8/2/2011 5:39:26 AM | Computer Name = cheesewallet-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#2 CeciliaB

Posted 04 August 2011 - 12:49 AM

Hi BTPatrick,

"BitTorrent" = BitTorrent
File sharing is a major source of malicious files. I suggest that you uninstall BitTorrent.

Do you have redirects both in Internet Explorer and in Firefox?

Please, download GooredFix to the desktop from one of the links:
http://jpshortstuff....m/GooredFix.exe
http://downloads.sec...m/GooredFix.exe

Double-click the program to start it.
Click on 'Yes' to start the scan.
Post the log that is displayed. It is also stored on the desktop with the name GooredFix.txt.

#3 BTPatrick

Posted 04 August 2011 - 06:10 AM

The redirects were occurring in Firefox, but not Chrome. I did not try IE.
As of right now, I am not receiving the redirects at all. I made no changes to any settings and did not take any actions to address any virus, so I find it hard to believe that it has disappeared. This makes it much harder to give you any further information about its nature.

_____________________________________________________

GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:05 on 04/08/2011 (cheesewallet)
Firefox version 5.0.1 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:34 04/08/2011]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [14:53 07/09/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:14 06/08/2009]

---------- Old Logs ----------
GooredFix[04.33.28_04-08-2011].txt

-=E.O.F=-
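The GooredFix log above reports the two places a sideloaded Firefox extension shows up on this machine: the program-wide extensions folder and the HKLM Mozilla\Firefox\Extensions registry key. As an added example (not part of the original thread and not GooredFix's own code), the PowerShell below enumerates the same locations, plus the Wow6432Node and per-user variants of that key (assumed), and flags any extension ID not on a small allowlist for manual review; the allowlist of the three IDs seen in the log is an assumption for illustration.

```powershell
# Added example, not from the thread or from GooredFix: enumerate Firefox
# extension registrations and flag unknown IDs for review (no removal).
# The "(x86)" path matches the 64-bit Vista machine in the log (assumption
# for other layouts).
$ExtensionDir = 'C:\Program Files (x86)\Mozilla Firefox\extensions'
$RegistryKeys = @(
    'HKLM:\Software\Mozilla\Firefox\Extensions',             # key shown in the GooredFix log
    'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions', # 32-bit view on 64-bit Windows (assumption)
    'HKCU:\Software\Mozilla\Firefox\Extensions'              # per-user registrations
)
# Allowlist (assumption, maintained by the analyst): the three IDs from the
# log, i.e. Firefox default theme, Java Console, .NET Framework Assistant.
$KnownIds = @(
    '{972ce4c6-7e08-4474-a285-3208198ce6fd}',
    '{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}',
    '{20a82645-c095-46ed-80e3-08825760534b}'
)

$findings = @()

# 1. Extensions dropped directly into the program-wide extensions folder.
if (Test-Path $ExtensionDir) {
    foreach ($item in Get-ChildItem -Path $ExtensionDir) {
        $findings += [pscustomobject]@{
            Source   = 'Folder'
            Id       = $item.Name
            Location = $item.FullName
            Modified = $item.LastWriteTime
        }
    }
}

# 2. Extensions registered via the registry; the value name is the extension
#    ID and the value data is the folder (or XPI) Firefox loads it from.
foreach ($key in $RegistryKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $target = [string]$p.Value
        $modified = if (Test-Path $target) { (Get-Item $target).LastWriteTime } else { $null }
        $findings += [pscustomobject]@{
            Source   = $key
            Id       = $p.Name
            Location = $target
            Modified = $modified
        }
    }
}

# Anything not on the allowlist is marked Review = True; a registry entry
# whose target path no longer exists (Modified empty) also deserves a look.
foreach ($f in $findings) {
    $f | Add-Member -NotePropertyName Review -NotePropertyValue ($KnownIds -notcontains $f.Id)
}
$findings | Sort-Object Review -Descending |
    Format-Table Review, Id, Source, Modified, Location -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; compare the Modified timestamps with the ones GooredFix printed to spot entries that changed between the two scans.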

#4 CeciliaB

Posted 04 August 2011 - 11:00 AM

Maybe GooredFix fixed it. I think you ran it twice; please post the first log, GooredFix[04.33.28_04-08-2011].txt.

#5 CeciliaB

Posted 16 September 2011 - 11:11 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
