Google Redirect Virus (rootkit.zeroaccess) [Solved]



#1
Tj N
New Member, 7 posts
Hi and thank you in advance for viewing this thread.
I'm having a problem using search engines in that I get redirected when I click on my search results.
I'm running Windows 7 and using Firefox and Google Chrome as browsers.
I've tried all the methods known to me to remove this virus (Malwarebytes, Combofix, Hitman Pro, even resetting router settings to factory settings), but it is still not gone.

When I ran Combofix it picked up on a file called "Rootkit.ZeroAccess" and said it would be particularly hard to remove, and it seemed to remove it alright. Before I ran Combofix my desktop had a black background which I could not change, but it went back to normal after I ran Combofix. However, I still have redirecting problems in all browsers.
If anyone could help me it would be much appreciated :)

Here are the OTL logs

OTL logfile created on: 4/14/2012 5:26:22 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 46.27% Memory free
3.93 Gb Paging File | 2.77 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 119.55 Gb Free Space | 25.67% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/14 17:25:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/03/18 19:45:17 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/25 12:28:38 | 001,917,384 | ---- | M] (Symbiotic Technologies Pty Ltd) -- C:\Program Files\TrustDefender\TrustDefender\TrustDefender.exe
PRC - [2011/10/25 12:23:56 | 001,790,408 | ---- | M] (Symbiotic Technologies Pty Ltd) -- C:\Program Files\TrustDefender\TrustDefender\TDWatchdog.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/18 19:45:17 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/08 10:52:46 | 000,085,288 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o5dra2xo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko11.dll
MOD - [2012/02/23 05:39:28 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/25 12:17:36 | 000,463,304 | ---- | M] () -- C:\Program Files\TrustDefender\TrustDefender\SQLite.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/09/16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\uphclean.dll -- (HSFHWALI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agnwifi.dll -- (cfosspeed)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmisrv.dll -- (AVWLP_USB)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/25 12:28:38 | 001,917,384 | ---- | M] (Symbiotic Technologies Pty Ltd) [Auto | Running] -- C:\Program Files\TrustDefender\TrustDefender\TrustDefender.exe -- (TrustDefender)
SRV - [2011/01/19 19:27:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/28 18:54:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisPT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nlndis.sys -- (NLNdisMP)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\user\AppData\Local\Temp\kxldapob.sys -- (kxldapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/01/19 13:48:26 | 000,050,832 | ---- | M] (Symbiotic Technologies Pty Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdtdi.sys -- (tdtdi)
DRV - [2011/10/03 20:42:58 | 000,163,632 | ---- | M] (Paragon Software Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\hfsplus.sys -- (Hfsplus)
DRV - [2011/10/03 20:42:58 | 000,044,464 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gpt_loader.sys -- (gpt_loader)
DRV - [2011/10/03 20:42:58 | 000,042,928 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\apmwin.sys -- (apmwin)
DRV - [2011/10/03 20:42:58 | 000,031,792 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mounthlp.sys -- (mounthlp)
DRV - [2011/10/03 20:42:58 | 000,015,152 | ---- | M] (Paragon Software Group) [File_System | Auto | Running] -- C:\Windows\System32\drivers\hfsplusrec.sys -- (HfsplusRec)
DRV - [2010/12/02 11:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/09/04 15:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/16 13:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/05/11 09:04:34 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D B8 AC 1E D2 8E CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {DD074ED9-D4D9-4314-8118-996F9691D2D0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{DD074ED9-D4D9-4314-8118-996F9691D2D0}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\user\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 19:45:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 14:14:30 | 000,000,000 | ---D | M]

[2011/05/12 21:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/12/06 11:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5sbo4bxk.default\extensions
[2012/03/30 19:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o5dra2xo.default\extensions
[2012/03/30 19:49:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o5dra2xo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/09 09:48:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o5dra2xo.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/03/06 09:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ohkjvfpd.default\extensions
[2012/01/16 15:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2012/03/18 19:45:17 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2010/09/14 22:48:25 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012/02/14 07:38:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 07:38:23 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: TestGen Plug-in 7.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Game Face Plugin (Enabled) = C:\Users\user\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/14 17:05:01 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [apmwinapp] C:\Program Files\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe ()
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HFS Activator] C:\Program Files\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TrustDefenderWD] C:\Program Files\TrustDefender\TrustDefender\TDWatchdog.exe (Symbiotic Technologies Pty Ltd)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BB1CA17-A190-4EA2-A654-F5331BC49325}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/14 17:25:55 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/04/14 17:04:58 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/04/14 16:45:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/14 14:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/14 14:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/04/14 13:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2012/04/14 13:22:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/14 12:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/04/14 12:56:03 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Antivirus stuff
[2012/04/14 11:26:05 | 004,461,135 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/04/14 10:52:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/04/12 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Game
[2012/04/12 10:30:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\YoYo_Games_Ltd
[2012/04/12 10:30:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\GameMaker8.1
[2012/04/12 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\user\GameMaker 8.1
[2012/04/12 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameMaker 8.1
[2012/04/12 10:29:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GameMaker
[2012/04/11 16:17:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Temporary Projects
[2012/04/10 19:56:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2012/04/10 19:23:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/10 19:23:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/10 19:23:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/10 19:06:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 19:06:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 18:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/23 07:12:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Yvzy
[2012/03/23 07:12:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ovzius
[2012/03/20 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/20 19:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/14 17:25:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/04/14 17:13:34 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 17:13:34 | 000,019,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/14 17:06:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/14 17:06:30 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Oewyq.job
[2012/04/14 17:06:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/14 17:06:19 | 1583,177,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/14 17:05:01 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/14 17:02:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000UA.job
[2012/04/14 17:01:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/14 15:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000Core.job
[2012/04/14 14:04:09 | 000,664,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/14 14:04:09 | 000,125,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/14 13:59:53 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\RegAce Scheduled Scan - user.job
[2012/04/14 12:57:02 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/04/14 11:26:44 | 004,461,135 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/04/14 10:52:36 | 000,002,310 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/04/14 10:45:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/14 10:45:08 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/12 10:30:16 | 000,001,774 | ---- | M] () -- C:\Users\user\Desktop\GameMaker 8.1.lnk
[2012/04/10 18:22:40 | 000,001,262 | ---- | M] () -- C:\Windows\System32\.crusader
[2012/04/10 16:57:40 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/07 15:22:52 | 000,000,032 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/31 16:53:00 | 000,253,952 | RHS- | M] () -- C:\Windows\System32\tapiperf1.dll
[2012/03/30 20:34:09 | 000,000,129 | ---- | M] () -- C:\Users\user\jagex_runescape_preferences2.dat
[2012/03/30 20:32:33 | 000,000,034 | ---- | M] () -- C:\Users\user\jagex_runescape_preferences.dat
[2012/03/22 19:37:23 | 001,772,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/14 17:13:35 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\gmer.exe
[2012/04/14 13:27:45 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\RegAce Scheduled Scan - user.job
[2012/04/14 12:57:02 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/04/14 10:52:36 | 000,002,310 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/04/12 10:30:16 | 000,001,774 | ---- | C] () -- C:\Users\user\Desktop\GameMaker 8.1.lnk
[2012/04/10 19:23:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/10 19:23:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/10 19:23:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/10 19:23:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/10 18:22:40 | 000,001,262 | ---- | C] () -- C:\Windows\System32\.crusader
[2012/03/31 16:53:01 | 000,000,306 | ---- | C] () -- C:\Windows\tasks\Oewyq.job
[2012/03/31 16:53:00 | 000,253,952 | RHS- | C] () -- C:\Windows\System32\tapiperf1.dll
[2012/03/30 20:32:31 | 000,000,032 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2012/03/04 10:33:23 | 000,007,598 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2012/03/01 02:21:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe_.b
[2012/03/01 02:21:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe.b
[2012/02/29 08:44:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\p6N6d7.dat
[2012/02/28 19:58:40 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/12/08 06:43:18 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/12/08 06:43:18 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/11/22 09:32:37 | 000,020,480 | ---- | C] () -- C:\Windows\System32\PteVideo.dll
[2011/06/10 09:13:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/03/30 07:52:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/03/30 07:52:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/03/30 07:51:31 | 000,069,632 | ---- | C] () -- C:\Program Files\1033.MST
[2011/03/30 07:51:31 | 000,013,660 | ---- | C] () -- C:\Program Files\0x0409.ini
[2011/03/30 07:51:29 | 104,050,688 | ---- | C] () -- C:\Program Files\Samsung New PC Studio.msi
[2011/02/11 11:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/12/17 14:22:24 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/12/17 14:22:24 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/12/13 14:29:14 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/13 14:12:26 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
[2010/11/28 19:12:58 | 000,026,744 | ---- | C] () -- C:\Users\user\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/11/28 19:10:28 | 000,010,660 | ---- | C] () -- C:\Users\user\AppData\Roaming\Comma Separated Values (Windows).EML
[2010/11/18 16:08:13 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/11/18 16:00:10 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/18 15:58:30 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/11/18 15:56:26 | 000,027,455 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/11/18 15:55:54 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/11/18 15:55:50 | 000,020,804 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/08/25 18:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 18:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 18:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 17:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2011/07/03 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/10/10 08:05:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\abgx360
[2010/12/17 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\avidemux
[2012/04/14 10:43:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Azureus
[2011/06/13 10:27:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Broderbund
[2012/01/16 10:23:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/14 13:46:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2011/10/26 21:10:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDFab
[2011/10/31 16:04:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Electronic Arts
[2011/04/07 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EndNote
[2011/11/20 14:02:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
[2011/08/19 10:41:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FrostWire
[2012/04/12 10:30:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GameMaker
[2011/10/16 16:18:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2011/03/04 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iWin
[2012/02/20 11:10:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2012/03/23 07:12:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ovzius
[2011/04/22 11:53:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2011/12/06 11:15:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PFStaticIP
[2012/02/28 20:16:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PrimoPDF
[2011/03/30 07:52:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012/02/28 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland
[2010/11/28 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012/03/04 10:36:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wireshark
[2012/04/10 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yvzy
[2012/04/14 17:06:30 | 000,000,306 | ---- | M] () -- C:\Windows\Tasks\Oewyq.job
[2012/04/14 13:59:53 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\RegAce Scheduled Scan - user.job
[2011/09/16 20:49:40 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


And this is the Extras log:

OTL Extras logfile created on: 4/14/2012 5:26:22 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 46.27% Memory free
3.93 Gb Paging File | 2.77 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 119.55 Gb Free Space | 25.67% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{12383CA3-0733-4210-00B8-D83642F1192C}" = EA SPORTS™ Cricket 07
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{456534C0-51E7-11DF-B336-005056C00008}" = Paragon HFS+ for Windows™ 9.0
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F9D852-9443-4955-A1ED-12C9E0504DD0}" = Mavis Beacon Teaches Typing Platinum 20
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7D35FC6F-BEE0-41B7-8627-0B12FD1586A3}_is1" = Bigasoft iPhone Ringtone Maker 1.9.1.4331
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8DE206-BE5C-40AA-A74B-5951FCF05372}_is1" = TrustDefender
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPROR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPROR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPROR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A254D625} PicturesToExe 5.6_is1" = PicturesToExe 5.6
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{b2042d5e-986d-44ec-aee3-afe4108ccc93}" = Python 3.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Defraggler" = Defraggler
"DjVu" = Document Express DjVu Plug-in (autoinstall)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.2.9 (20/10/2011) Qt Beta
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HFSExplorer" = HFSExplorer 0.21
"HitmanPro36" = HitmanPro 3.6
"ImgBurn" = ImgBurn
"ImTOO Audio Maker" = ImTOO Audio Maker
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"Jewel Quest 2_is1" = Jewel Quest 2
"Luxor 3_is1" = Luxor 3
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Office14.PRJPROR" = Microsoft Project Professional 2010
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TVWiz" = Intel® TV Wizard
"VLC media player" = VLC media player 1.1.11
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
"GameMaker81" = GameMaker 8.1
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 7:32:56 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 10/22/2011 7:32:56 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

Error - 10/22/2011 7:32:57 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/22/2011 7:32:57 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9017

Error - 10/22/2011 7:32:57 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9017

Error - 10/22/2011 7:32:58 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/22/2011 7:32:58 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10078

Error - 10/22/2011 7:32:58 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10078

Error - 10/22/2011 7:45:37 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/22/2011 7:45:37 AM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

[ System Events ]
Error - 4/13/2012 11:11:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/13/2012 11:16:42 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/13/2012 11:21:23 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/13/2012 11:59:54 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Ntservice1 service terminated with the following error: %%126

Error - 4/13/2012 11:59:54 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Sfman service terminated with the following error: %%126

Error - 4/13/2012 11:59:54 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Mcnasvc service terminated with the following error: %%126

Error - 4/14/2012 3:04:58 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/14/2012 3:06:28 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Ntservice1 service terminated with the following error: %%126

Error - 4/14/2012 3:06:28 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Sfman service terminated with the following error: %%126

Error - 4/14/2012 3:06:28 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Mcnasvc service terminated with the following error: %%126


< End of report >

This is also a log from the last time I ran ComboFix:

ComboFix 12-04-14.02 - user 04/14/2012 21:03:13.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1048 [GMT 10:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 11:13 . 2012-04-14 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 10:39 . 2012-04-14 10:39 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-14 07:39 . 2012-04-14 07:39 -------- d-----w- c:\program files\ESET
2012-04-14 07:04 . 2012-04-14 07:04 -------- d-----w- C:\_OTM
2012-04-14 04:18 . 2012-04-14 04:18 -------- d-----w- c:\program files\Common Files\Java
2012-04-14 04:17 . 2012-04-14 04:17 -------- d-----w- c:\program files\Oracle
2012-04-14 03:27 . 2012-04-14 03:33 -------- d-----w- c:\programdata\RegAce
2012-04-14 02:57 . 2012-04-14 02:57 -------- d-----w- c:\program files\HitmanPro
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\YoYo_Games_Ltd
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\GameMaker8.1
2012-04-12 00:29 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Roaming\GameMaker
2012-04-12 00:29 . 2012-04-12 00:29 -------- d-----w- c:\users\user\GameMaker 8.1
2012-04-11 17:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 17:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 06:17 . 2012-04-11 06:19 -------- d-----w- c:\users\user\AppData\Local\Temporary Projects
2012-04-10 09:56 . 2012-04-14 11:13 -------- d-----w- c:\users\user\AppData\Local\temp
2012-04-10 09:56 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-10 08:14 . 2012-04-10 08:22 -------- d-----w- c:\programdata\HitmanPro
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-31 06:53 . 2012-03-31 06:53 253952 --sha-r- c:\windows\system32\tapiperf1.dll
2012-03-22 21:12 . 2012-04-10 07:49 -------- d-----w- c:\users\user\AppData\Roaming\Yvzy
2012-03-22 21:12 . 2012-03-22 21:12 -------- d-----w- c:\users\user\AppData\Roaming\Ovzius
2012-03-20 09:54 . 2012-03-20 09:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-03-18 09:45 . 2012-03-18 09:45 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 09:45 . 2012-03-18 09:45 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2010-11-29 00:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 16:09 . 2012-02-24 04:57 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-22 19:39 . 2011-05-17 03:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 20:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 20:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 20:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 17:57 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-02-24 19:12 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33CBE32D-9367-48C9-8A4D-D7A4713AF49A}\mpengine.dll
2012-02-03 03:54 . 2012-03-14 17:57 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 18:10 . 2010-11-28 08:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-13 20:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 20:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 20:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-19 03:48 . 2012-01-19 03:48 50832 ----a-w- c:\windows\system32\drivers\tdtdi.sys
2011-03-29 21:51 . 2011-03-29 21:51 104050688 ----a-w- c:\program files\Samsung New PC Studio.msi
2012-03-18 09:45 . 2011-11-03 22:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"apmwinapp"="c:\program files\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe" [2011-10-03 65328]
"HFS Activator"="c:\program files\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe" [2011-10-03 246064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"TrustDefenderWD"="c:\program files\TrustDefender\TrustDefender\TDWatchdog.exe" [2011-10-25 1790408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1415" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2011-10-03 163632]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1343400]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2011-10-03 42928]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2011-10-03 44464]
S0 mounthlp;Mounter helper driver for HFS volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2011-10-03 31792]
S1 tdtdi;tdtdi;c:\windows\system32\drivers\tdtdi.sys [2012-01-19 50832]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2011-10-03 15152]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 TrustDefender;TrustDefender;c:\program files\TrustDefender\TrustDefender\TrustDefender.exe [2011-10-25 1917384]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
S4 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2012-04-14 335504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13675006
*NewlyCreated* - KXLDAPOB
*NewlyCreated* - TRUFOSALT
*Deregistered* - 13675006
*Deregistered* - kxldapob
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HSFHWALI
AVWLP_USB
cfosspeed
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
2012-04-14 c:\windows\Tasks\Oewyq.job
- c:\windows\system32\tapiperf1.dll [2012-03-31 06:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o5dra2xo.default\
FF - prefs.js: browser.startup.homepage - hxxp://newcastle.edu.au/students/current/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6b,1f,dc,44,6d,f6,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
.
[HKEY_USERS\S-1-5-21-3565015860-2070285025-1218467848-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{033577D1-7746-88E4-052B-2CF7610FB7EA}*]
"oalkoglghjiodemhjhaoekbmlfehbk"=hex:6b,61,6e,6e,6d,63,61,6b,69,61,66,64,61,6f,
6b,6e,67,69,66,66,70,64,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-14 21:15:07
ComboFix-quarantined-files.txt 2012-04-14 11:15
ComboFix2.txt 2012-04-14 03:22
.
Pre-Run: 127,838,965,760 bytes free
Post-Run: 127,787,601,920 bytes free
.
- - End Of File - - 8D620BF6582373B73383373AE7773D01


Edited by Tj N, 14 April 2012 - 05:23 AM.

  • 0



#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - let's see what I can do

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    [2012/04/14 17:06:30 | 000,000,306 | ---- | M] () -- C:\Windows\tasks\Oewyq.job
    [2012/03/31 16:53:00 | 000,253,952 | RHS- | C] () -- C:\Windows\System32\tapiperf1.dll
    [2012/03/01 02:21:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe_.b
    [2012/03/01 02:21:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\cY1532y3.exe.b
    [2012/02/29 08:44:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\p6N6d7.dat
    [2012/04/10 17:49:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yvzy

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

Posted Image

On completion of the scan click "Save log", save it to your desktop and post it in your next reply

Posted Image
  • 0
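The entries Essexboy's fix above removes are visible in the ComboFix report posted in the first message: a DLL in System32 carrying the system+hidden+read-only attribute string (`--sha-r-`) and a scheduled task (`Oewyq.job`) whose target is that same DLL rather than an executable. As an added example, not code from this thread or from the OTL/ComboFix tools, the script below parses a few of those report lines (copied from the log excerpts above and embedded as constructed sample input) and flags exactly those two patterns, so a reader can see how a helper picks them out of a long report. The regular expressions assume the line layouts shown in the posted log (`created . modified size attrs path` for the file list, and a `.job` line followed by a `- target [date]` line in the Scheduled Tasks section).

```python
import re
from typing import Iterator, List, Tuple

# Constructed sample: a handful of lines copied from the ComboFix report
# excerpts posted in this thread (file list plus the 'Scheduled Tasks' section).
COMBOFIX_SAMPLE = r"""
2012-04-14 10:39 . 2012-04-14 10:39 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-03-31 06:53 . 2012-03-31 06:53 253952 --sha-r- c:\windows\system32\tapiperf1.dll
2012-03-22 21:12 . 2012-04-10 07:49 -------- d-----w- c:\users\user\AppData\Roaming\Yvzy
2012-04-11 17:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
2012-04-14 c:\windows\Tasks\Oewyq.job
- c:\windows\system32\tapiperf1.dll [2012-03-31 06:53]
"""

# File-list line: "<created> . <modified> <size|--------> <8-char attrs> <path>"
# (layout assumed from the posted log, not an official format specification).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Scheduled task line "<date> <path>.job", followed by "- <target> [<date>]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>\S+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (?P<target>.+?) \[[^\]]*\]$")

SYSTEM32 = "c:\\windows\\system32\\"


def parse_files(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (attrs, path) for every file-list line in the report text."""
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            yield m.group("attrs"), m.group("path")


def parse_tasks(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (job, target) pairs from the 'Scheduled Tasks' section."""
    job = None
    for line in text.splitlines():
        line = line.strip()
        t = TASK_RE.match(line)
        if t:
            job = t.group("job")
            continue
        g = TARGET_RE.match(line)
        if g and job:
            yield job, g.group("target")
            job = None


def analyze(text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings for the two indicators discussed above."""
    findings = []
    for attrs, path in parse_files(text):
        is_dir = attrs[0] == "d"
        # 's' and 'h' in the attribute string mean system + hidden; a plain
        # file with both set inside System32 deserves a second look.
        hidden_system = "h" in attrs and "s" in attrs
        if not is_dir and hidden_system and path.lower().startswith(SYSTEM32):
            findings.append(("hidden-system-file-in-system32", path))
    for job, target in parse_tasks(text):
        # A task whose target is a DLL (not an .exe or a rundll32 command line)
        # is unusual for legitimate software and matches the Oewyq.job entry.
        if target.lower().endswith(".dll"):
            findings.append(("task-launches-dll", f"{job} -> {target}"))
    return findings


if __name__ == "__main__":
    for rule, detail in analyze(COMBOFIX_SAMPLE):
        print(f"{rule}: {detail}")
```

Run against the sample it reports only `tapiperf1.dll` and `Oewyq.job`, the two items the fix moved; the legitimate Google Update tasks and the ordinary `----a-w-` system files are left alone. Both checks are heuristics for triage, not proof of infection, which is why the helper still asks for a scan log afterwards.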

#3
Tj N

Tj N

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you Essexboy for responding so quickly, I appreciate your help.
I've finished running OTL and am about an hour in the process of an aswMBR scan.
I will post both logs on here upon completion.
Thank you again for responding.
  • 0

#4
Tj N

Tj N

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here we go Essexboy, these are the logs you requested.

Computer status: Haven't been redirected since running the programs you requested, so it's looking good so far :)

OTL logs:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
C:\Windows\Tasks\Oewyq.job moved successfully.
C:\Windows\System32\tapiperf1.dll moved successfully.
C:\ProgramData\cY1532y3.exe_.b moved successfully.
C:\ProgramData\cY1532y3.exe.b moved successfully.
C:\ProgramData\p6N6d7.dat moved successfully.
C:\Users\user\AppData\Roaming\Yvzy folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 7839823 bytes
->Temporary Internet Files folder emptied: 902830 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 84346461 bytes
->Google Chrome cache emptied: 6608881 bytes
->Flash cache emptied: 2269 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98304 bytes
RecycleBin emptied: 128436 bytes

Total Files Cleaned = 95.00 mb



OTL by OldTimer - Version 3.2.39.2 log created on 04152012_080143

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~DF2A7BC678D9D7C372.TMP not found!

Registry entries deleted on Reboot...

AND

aswMBR logs:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-15 08:10:40
-----------------------------
08:10:40.900 OS Version: Windows 6.1.7601 Service Pack 1
08:10:40.900 Number of processors: 2 586 0x170A
08:10:40.900 ComputerName: USER-PC UserName: user
08:10:53.820 Initialize success
08:17:59.954 AVAST engine defs: 12041401
08:18:54.478 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
08:18:54.478 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
08:18:54.494 Disk 0 MBR read successfully
08:18:54.494 Disk 0 MBR scan
08:18:54.509 Disk 0 Windows 7 default MBR code
08:18:54.525 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
08:18:54.540 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
08:18:54.540 Disk 0 scanning sectors +976771072
08:18:54.587 Disk 0 scanning C:\Windows\system32\drivers
08:19:05.070 Service scanning
08:19:22.839 Modules scanning
08:19:28.907 Disk 0 trace - called modules:
08:19:28.938 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:19:29.438 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a13950]
08:19:29.438 3 CLASSPNP.SYS[88f8359e] -> nt!IofCallDriver -> [0x8592b918]
08:19:29.438 5 ACPI.sys[88a993d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85931908]
08:19:30.514 AVAST engine scan C:\Windows
08:19:32.949 AVAST engine scan C:\Windows\system32
08:22:16.438 AVAST engine scan C:\Windows\system32\drivers
08:22:29.261 AVAST engine scan C:\Users\user
08:28:41.961 File: C:\Users\user\Documents\Azureus Downloads\Download Accelerator Plus 8.7.0.5{DEMONOID}{JOHNCANADUDE}\Crack\DAPTraceCleaner.exe **INFECTED** Win32:Malware-gen
08:41:30.186 AVAST engine scan C:\ProgramData
09:50:32.797 Scan finished successfully
09:52:23.261 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
09:52:23.261 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR log.txt"
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, what are your current problems?

Part of your problem was generated by this

08:28:41.961 File: C:\Users\user\Documents\Azureus Downloads\Download Accelerator Plus 8.7.0.5{DEMONOID}{JOHNCANADUDE}\Crack\DAPTraceCleaner.exe **INFECTED** Win32:Malware-gen

Cracked software always comes with an added bonus, usually a trojan. There are plenty of free programmes out there that can replace paid-for programmes without resorting to illegal cracks.


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :Files
    ipconfig /flushdns /c
    C:\Users\user\Documents\Azureus Downloads\Download Accelerator Plus 8.7.0.5{DEMONOID}{JOHNCANADUDE}\Crack

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#6
Tj N

Tj N

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay I did what you said and that file is now gone.
Things were running pretty well so I downloaded some security programs like Avast and ran an additional scan just to be sure.
Avast found 2 files:

tappiper1.dll (C:\_OTL\MovedFiles\04152012_080143\C_Windows\System32)
tdx.sys (C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e....)

It moved these files into the virus chest and I haven't touched them.
But now when I start my PC up the desktop background is solid black and I can't change it.
It looks like this:

Desktop background.jpg

and when I try and change the settings it looks like this:

Background change.jpg

Other than this problem the system is running fine and I haven't had any redirects.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you right click the desktop and select Personalize?
Are you able to reset the background picture from there?

One that Avast killed was already quarantined and the other was an old backup file by the look of it
  • 0

#8
Tj N

Tj N

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Nah I tried that but all the windows themes are just showing up as solid black backgrounds.

Here are the symptoms:
-Cannot change desktop background to anything other than solid colors (themes, windows backgrounds and pictures will not work)
-Thumbnail previews aren't showing


Here is what is happening with previews
Symptoms.png

I've tried looking up answers but all I'm hearing about is:
-A corrupted TranscodedWallpaper.jpg located in "%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg"
I didn't want to touch this though.
-Some settings in the registry
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, good old Windows 7 forum has a solution to this

Could you follow the directions on this page and also download the default zip

I will look for the thumbnail solution
  • 0

#10
Tj N

Tj N

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Good news, my friend: after running ComboFix again the problem appears to be resolved :)
Both the desktop wallpaper and thumbnail previews have returned.

Desktop is back! WOO HOO!.jpg

Thumbnails too.jpg

I'll post the log just in case you wanted to see what the problem was.

ComboFix 12-04-17.01 - user 04/18/2012 20:10:14.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1112 [GMT 10:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 10:23 . 2012-04-18 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 09:58 . 2012-04-18 09:54 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-18 09:27 . 2012-04-18 09:37 -------- d-----w- c:\program files\7 Quick Fix
2012-04-18 09:26 . 2012-04-18 09:26 -------- d-----w- c:\program files\Webroot
2012-04-15 04:55 . 2012-03-07 01:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-15 04:55 . 2012-03-07 01:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-15 04:55 . 2012-03-07 01:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-15 04:55 . 2012-03-07 01:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-15 04:55 . 2012-03-07 01:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-15 04:55 . 2012-03-07 01:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-15 04:54 . 2012-03-07 01:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-15 04:54 . 2012-03-07 01:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-15 04:54 . 2012-04-15 04:54 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 04:54 . 2012-04-15 04:54 -------- d-----w- c:\program files\AVAST Software
2012-04-15 04:52 . 2012-04-15 04:56 -------- d-----w- c:\program files\SpywareGuard
2012-04-15 04:50 . 2012-04-15 04:50 -------- d-----w- c:\program files\SpywareBlaster
2012-04-15 03:12 . 2012-04-15 03:48 -------- d-----w- c:\programdata\OnlineArmor
2012-04-15 03:12 . 2012-04-15 03:12 -------- d-----w- c:\users\user\AppData\Roaming\OnlineArmor
2012-04-15 03:10 . 2012-02-10 04:33 42152 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-04-15 03:10 . 2012-02-10 04:33 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-04-15 03:10 . 2012-02-10 04:33 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-04-15 03:10 . 2012-02-10 04:33 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-04-15 03:10 . 2012-04-15 13:07 -------- d-----w- c:\program files\Online Armor
2012-04-14 22:01 . 2012-04-14 22:01 -------- d-----w- C:\_OTL
2012-04-14 11:44 . 2012-04-14 11:44 2 --shatr- c:\windows\winstart.bat
2012-04-14 11:44 . 2012-04-14 11:54 -------- d-----w- c:\program files\UnHackMe
2012-04-14 11:29 . 2012-04-14 11:58 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-14 11:28 . 2012-04-14 11:28 -------- d-----w- c:\users\user\AppData\Roaming\TestApp
2012-04-14 11:28 . 2012-04-14 11:28 -------- d-----w- c:\programdata\PC Tools
2012-04-14 10:39 . 2012-04-14 10:39 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-14 07:39 . 2012-04-14 07:39 -------- d-----w- c:\program files\ESET
2012-04-14 07:04 . 2012-04-14 07:04 -------- d-----w- C:\_OTM
2012-04-14 04:18 . 2012-04-14 04:18 -------- d-----w- c:\program files\Common Files\Java
2012-04-14 04:17 . 2012-04-14 04:17 -------- d-----w- c:\program files\Oracle
2012-04-14 03:27 . 2012-04-14 03:33 -------- d-----w- c:\programdata\RegAce
2012-04-14 02:57 . 2012-04-14 02:57 -------- d-----w- c:\program files\HitmanPro
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\YoYo_Games_Ltd
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\GameMaker8.1
2012-04-12 00:29 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Roaming\GameMaker
2012-04-12 00:29 . 2012-04-12 00:29 -------- d-----w- c:\users\user\GameMaker 8.1
2012-04-11 17:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 17:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 06:17 . 2012-04-11 06:19 -------- d-----w- c:\users\user\AppData\Local\Temporary Projects
2012-04-10 09:56 . 2012-04-18 10:23 -------- d-----w- c:\users\user\AppData\Local\temp
2012-04-10 08:14 . 2012-04-10 08:22 -------- d-----w- c:\programdata\HitmanPro
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 21:12 . 2012-03-22 21:12 -------- d-----w- c:\users\user\AppData\Roaming\Ovzius
2012-03-20 09:54 . 2012-03-20 09:54 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2010-11-29 00:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 16:09 . 2012-02-24 04:57 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-22 19:39 . 2011-05-17 03:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 20:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 20:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 20:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 17:57 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-02-24 19:12 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33CBE32D-9367-48C9-8A4D-D7A4713AF49A}\mpengine.dll
2012-02-03 03:54 . 2012-03-14 17:57 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 18:10 . 2010-11-28 08:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-13 20:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 20:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 20:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2011-03-29 21:51 . 2011-03-29 21:51 104050688 ----a-w- c:\program files\Samsung New PC Studio.msi
2012-03-18 09:45 . 2011-11-03 22:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"apmwinapp"="c:\program files\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe" [2011-10-03 65328]
"HFS Activator"="c:\program files\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe" [2011-10-03 246064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"TrustDefenderWD"="c:\program files\TrustDefender\TrustDefender\TDWatchdog.exe" [2011-10-25 1790408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-02-10 2645440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1415" [?]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-02-10 359352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-02-10 42152]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-02-10 25192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-02-10 4369208]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2011-10-03 163632]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1343400]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2011-10-03 42928]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2011-10-03 44464]
S0 mounthlp;Mounter helper driver for HFS volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2011-10-03 31792]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-02-10 205864]
S1 tdtdi;tdtdi;c:\windows\system32\drivers\tdtdi.sys [2012-01-19 50832]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2011-10-03 15152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-02-10 208472]
S2 TrustDefender;TrustDefender;c:\program files\TrustDefender\TrustDefender\TrustDefender.exe [2011-10-25 1917384]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-02-10 29312]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HSFHWALI
AVWLP_USB
cfosspeed
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o5dra2xo.default\
FF - prefs.js: browser.startup.homepage - hxxp://newcastle.edu.au/students/current/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6b,1f,dc,44,6d,f6,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
.
[HKEY_USERS\S-1-5-21-3565015860-2070285025-1218467848-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{033577D1-7746-88E4-052B-2CF7610FB7EA}*]
"oalkoglghjiodemhjhaoekbmlfehbk"=hex:6b,61,6e,6e,6d,63,61,6b,69,61,66,64,61,6f,
6b,6e,67,69,66,66,70,64,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3096)
c:\program files\SpywareGuard\spywareguard.dll
c:\windows\system32\MSVBVM60.DLL
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\WinRAR\rarext.dll
c:\program files\MagicISO\misosh.dll
c:\program files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
c:\program files\Nero\Nero 7\Nero CoverDesigner\CoverEdCtrl.ocx
.
Completion time: 2012-04-18 20:25:02
ComboFix-quarantined-files.txt 2012-04-18 10:25
ComboFix2.txt 2012-04-14 11:15
ComboFix3.txt 2012-04-14 03:22
.
Pre-Run: 123,572,822,016 bytes free
Post-Run: 123,268,890,624 bytes free
.
- - End Of File - - C67CBDB6972EDCDF9D2AB39470C06B76

I want to thank you for taking the time to help me through this problem, I really appreciate it.
Thank you


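The Reg Loading Points section of the ComboFix log above (Run-key values and the R*/S* service lines) has a regular line format, so the questions a helper asks first can be scripted. The following is an added example, not part of the thread and not ComboFix's own tooling: it parses those lines and flags entries whose file is missing (`[x]`), entries ComboFix could not verify (`[?]`), and entries that load from outside Program Files or Windows. The sample lines are constructed to match the log's format; `SampleUpdater` and its path are placeholders.

```python
import re
from typing import Dict, List, NamedTuple

# One autostart record: its name, the file it points at and the bracketed
# "[date size]" / "[x]" / "[?]" annotation ComboFix appends to each line.
class Entry(NamedTuple):
    kind: str   # "run" (Run/RunOnce value) or "service" (R*/S* line)
    name: str
    path: str
    meta: str

# "Name"="c:\path\file.exe" [2012-03-07 4241512]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# R1 name;description;c:\path\file.sys [2012-02-10 25192]   (path may be empty)
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]')

# Directories an autostart binary is normally expected to live under.
SYSTEM_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")

def parse_entries(lines: List[str]) -> List[Entry]:
    """Pull Run-key values and service lines out of ComboFix log text."""
    out: List[Entry] = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            out.append(Entry("run", m["name"], m["path"].strip(), m["meta"].strip()))
            continue
        m = SVC_RE.match(line)
        if m:
            out.append(Entry("service", m["name"].strip(), m["path"].strip(), m["meta"].strip()))
    return out

def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Group entry names by the review question they raise."""
    flags: Dict[str, List[str]] = {"missing_file": [], "unverified": [], "nonstandard_path": []}
    for e in parse_entries(lines):
        if e.meta == "x":
            flags["missing_file"].append(e.name)     # referenced file is not on disk
        elif e.meta == "?":
            flags["unverified"].append(e.name)       # ComboFix could not stat the target
        p = e.path.lower()
        if p and not p.startswith(SYSTEM_ROOTS):
            flags["nonstandard_path"].append(e.name) # e.g. a user profile directory
    return flags

# Constructed sample in the log's format; SampleUpdater is a placeholder entry.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SampleUpdater"="c:\users\user\AppData\Roaming\SampleApp\upd.exe" [2012-03-22 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1415" [?]
.
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-02-10 25192]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
S1 aswSnx;aswSnx; [x]
'''.splitlines()

if __name__ == "__main__":
    for question, names in triage(SAMPLE_LOG).items():
        print(f"{question}: {names}")
```

A flagged entry is a starting point for a look, not a verdict: the `[x]` services here belong to known security products whose drivers were simply not present when the log was taken.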
#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, weird, as ComboFix did not appear to do anything, unless it reset some base permissions on the quiet. Methinks I will ask sUBs about that

If you are happy then:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.