Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Other User Virus

Started by deebouss , Aug 13 2012 07:46 PM

  • Please log in to reply

#1
deebouss
Posted 13 August 2012 - 07:46 PM

deebouss

    Member

  • Member
  • PipPip
  • 15 posts
I downloaded League of Legends a couple days ago, once it completed downloading it asked where I would like to save the contents and I changed the file path so it would save on my desktop. I clicked OK and I look at my desktop and there all of the files and sub folder files needed for installing the game are on my desktop(basically I wasnt paying attention and thought I had installed LoL and was saving the shortcut on my desktop). The problem is when I saved the contents required for installing the game onto my desktop a few folders disappeared and I have no idea where they went. Furthermore, I selected a restore point (using the start menu) which was a few days prior to this incident and it did nothing, the LoL icons were still on my desktop and my folders were still missing. So I decided to restart, F8 and system restore that way and that's when I get the Other User log on screen. My goal is to get the folders back that were on my desktop prior to saving the LoL contents on my desktop.

deebouss

Edited by deebouss, 14 August 2012 - 12:21 PM.

  • 0

Advertisements

#2
Gammo
Posted 17 August 2012 - 12:23 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hi deebouss and welcome at Geeks to Go! :thumbsup:

May I ask why you've posted your question in the malware removal forum? Do you think malware is involved?
  • 0

#3
deebouss
Posted 17 August 2012 - 04:55 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello good Sir,

Thank you for welcoming me!

I didn't really know where else post, and yes I do believe some sort of malware is involved. I can perform a system restore by clicking the 'windows orb', then typing system restore, and following the directions from there. The other way I am able to successfully restore my PC to an ealrier point is by inserting my Windows Vista OS CD and while my PC is booting I press the F12 key and select boot from CD.

Now, when I restart my PC and repeatedly hit the F8 key, I select repair my computer and it takes me directly to a log in screen. There it displays the username "Other User". There is no way for me to get past this log in screen. Furthermore, I've gone to the 'Windows Orb', typed in 'folder options' and on the 'view' tab selected 'show hidden files and folders' and had no success in locating the few folders I had on my desktop prior to installing LoL on my desktop.

I don't know how to find these folders and they are extremely important. I do know it is a bad idea to save items, files, etc. to your desktop but I stil had these important folders saved on my desktop. Any suggestions are greatly appreciated!

Thank you!

deebouss
  • 0

#4
deebouss
Posted 17 August 2012 - 05:28 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran 'Malwarebytes Anti-Malware and it detected some sort of malware. I have attached the log for your review...

Thanks,


Attached File  mbam-log-2012-08-17 (19-25-55).txt   1.95KB   96 downloads
  • 0

#5
Gammo
Posted 17 August 2012 - 06:02 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I don't think your problem has anything to do with malware, but I can take a look if you want. :thumbsup:

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

  • 0

#6
deebouss
Posted 17 August 2012 - 08:13 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's what you've asked for:

1.) OTL.txt
2.)Extras.txt


OTL logfile created on: 8/17/2012 9:42:46 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Anthony\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.61% Memory free
8.09 Gb Paging File | 6.46 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 263.69 Gb Free Space | 58.51% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.10 Gb Free Space | 40.69% Space Free | Partition Type: NTFS

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 21:41:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/18 14:01:01 | 000,619,352 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/12/18 14:01:01 | 000,494,424 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/21 17:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 17:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 17:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/03/30 08:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/30 08:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/23 00:55:34 | 002,479,864 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\ATService.exe -- (ATService)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/03 23:12:21 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/18 14:01:01 | 000,494,424 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/10/26 23:37:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/17 11:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/09 13:47:36 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/29 00:14:17 | 000,019,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV:64bit: - [2010/11/26 18:02:26 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/06/25 17:08:56 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009/10/08 15:37:50 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/10 13:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/04/27 03:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/30 08:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/01/19 08:38:16 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/19 08:38:14 | 000,318,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2008/12/30 22:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/12/23 01:54:58 | 000,548,864 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2008/12/22 05:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/08/25 06:35:36 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2008/07/17 06:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 06:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 06:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 07:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/06/16 05:25:20 | 000,019,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2008/06/16 05:25:14 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/06/16 05:25:12 | 000,120,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2008/06/16 05:25:10 | 000,092,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2005/09/23 23:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://tuportal3.te...me/displaylogin
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\SearchScopes\{054F307F-4B41-4F92-BA03-CD76A6512AB1}: "URL" = http://www.technewsw...erms}&source=IE
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\SearchScopes\{3B5CC86E-C1AD-4FD3-B964-01221ABDAD3A}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111253,6902,0,24,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://us.mc1260.mai...jsrand=3676420"
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Anthony\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/04/12 03:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/16 00:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 00:30:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011/04/12 03:18:13 | 000,000,000 | ---D | M]

[2011/01/27 23:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions
[2011/01/27 23:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/08/15 18:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions
[2012/08/16 00:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/28 11:32:38 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}(57)
[2012/08/16 00:30:07 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/13 18:39:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\[email protected]
[2012/08/13 18:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions
[2010/06/16 00:16:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 23:07:59 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\[email protected]
[2012/08/13 18:39:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\[email protected]
[2012/08/16 00:30:07 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\vshareus@toolbar
[2010/10/19 17:20:24 | 000,001,919 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\searchplugins\bing-zugo.xml
[2012/08/17 17:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/25 17:56:41 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\ANTHONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J8013PTU.DEFAULT\EXTENSIONS\[email protected]
[2011/12/07 19:20:09 | 000,048,077 | ---- | M] () (No name found) -- C:\USERS\ANTHONY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J8013PTU.DEFAULT\EXTENSIONS\[email protected]
[2012/05/03 23:12:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/17 01:05:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/17 01:05:18 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Anthony\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4061898741-860443810-2977409800-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4061898741-860443810-2977409800-1000..\Run: [Facebook Update] C:\Users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CDD98AF-E56C-4679-9D0D-46EB3D5FF1A8}: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF92C5BE-D70B-4F3F-BDA7-E7957295DA2B}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 18:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{4616c490-84f0-11e1-9508-002219f1eaad}\Shell - "" = AutoRun
O33 - MountPoints2\{4616c490-84f0-11e1-9508-002219f1eaad}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{e668b69d-be25-11e0-8e86-002219f1eaad}\Shell - "" = AutoRun
O33 - MountPoints2\{e668b69d-be25-11e0-8e86-002219f1eaad}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{e668b774-be25-11e0-8e86-002219f1eaad}\Shell - "" = AutoRun
O33 - MountPoints2\{e668b774-be25-11e0-8e86-002219f1eaad}\Shell\AutoRun\command - "" = H:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 21:41:04 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe
[2012/08/17 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\OTL
[2012/08/15 22:20:21 | 003,866,832 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Users\Anthony\Documents\file-recovery-setup.exe
[2012/08/15 22:06:51 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\League of legends
[2012/08/15 21:57:48 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\Dtop items
[2012/08/15 01:43:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/13 19:58:33 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Frozen Throne
[2012/08/13 18:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/13 18:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/08/12 12:31:09 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Documents\StarCraft II
[2012/08/12 11:19:18 | 000,000,000 | ---D | C] -- C:\StarCraft II
[2012/08/12 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012/08/11 15:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/08/11 15:30:26 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Temp
[2012/08/11 15:29:49 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Updates
[2012/08/11 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Versions
[2012/08/11 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Logs
[2012/08/11 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Campaigns
[2012/08/11 14:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/08/11 14:53:14 | 000,000,000 | ---D | C] -- C:\Users\Anthony\Desktop\Battle.net
[2012/08/10 23:45:40 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\PokerStars.NET
[2012/08/10 23:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012/08/09 20:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/09 20:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/08 21:41:11 | 000,000,000 | ---D | C] -- C:\Users\Anthony\AppData\Local\PMB Files
[2012/08/08 21:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010/03/22 19:04:35 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Anthony\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/17 21:48:06 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/17 21:41:04 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anthony\Desktop\OTL.exe
[2012/08/17 21:33:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 21:33:31 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 21:28:23 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/08/17 21:28:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/17 21:28:14 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2012/08/17 21:27:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 21:25:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/17 21:17:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/17 20:27:05 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000UA.job
[2012/08/17 20:27:05 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000Core.job
[2012/08/17 17:33:25 | 058,366,524 | ---- | M] () -- C:\Users\Anthony\Documents\-.rar
[2012/08/15 22:20:21 | 003,866,832 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Users\Anthony\Documents\file-recovery-setup.exe
[2012/08/11 15:30:23 | 003,986,081 | ---- | M] () -- C:\Users\Anthony\Desktop\sc2-x.x.x.x-1.5.0.22342-enUS-Win-Migration-dl
[2012/08/11 15:29:50 | 000,001,209 | ---- | M] () -- C:\Users\Anthony\Desktop\sc2-2.x.x.x-2748-x86-Win-enUS-tools.torrent
[2012/08/11 15:29:49 | 002,129,793 | ---- | M] () -- C:\Users\Anthony\Desktop\sc2-2.x.x.x-2748-x86-Win-enUS-tools-component-dl
[2012/08/08 19:17:34 | 002,353,512 | ---- | M] () -- C:\Users\Anthony\Desktop\LeagueofLegends.exe
[2012/08/03 18:59:45 | 000,003,960 | ---- | M] () -- C:\Users\Anthony\.recently-used.xbel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/17 21:28:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/08/11 15:30:22 | 003,986,081 | ---- | C] () -- C:\Users\Anthony\Desktop\sc2-x.x.x.x-1.5.0.22342-enUS-Win-Migration-dl
[2012/08/11 15:29:50 | 000,001,209 | ---- | C] () -- C:\Users\Anthony\Desktop\sc2-2.x.x.x-2748-x86-Win-enUS-tools.torrent
[2012/08/11 15:29:48 | 002,129,793 | ---- | C] () -- C:\Users\Anthony\Desktop\sc2-2.x.x.x-2748-x86-Win-enUS-tools-component-dl
[2012/08/09 20:38:04 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 20:38:00 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 19:17:34 | 002,353,512 | ---- | C] () -- C:\Users\Anthony\Desktop\LeagueofLegends.exe
[2012/08/03 18:59:45 | 000,003,960 | ---- | C] () -- C:\Users\Anthony\.recently-used.xbel
[2011/09/23 00:04:28 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/29 00:10:57 | 000,000,732 | ---- | C] () -- C:\Users\Anthony\AppData\Local\d3d9caps64.dat
[2011/04/29 00:00:33 | 000,982,224 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/04/29 00:00:33 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/04/29 00:00:33 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/04/29 00:00:32 | 000,092,280 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/04/29 00:00:31 | 000,439,336 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/04/28 22:07:34 | 000,103,784 | ---- | C] () -- C:\Users\Anthony\GoToAssistDownloadHelper.exe
[2011/04/11 00:19:58 | 000,000,136 | ---- | C] () -- C:\ProgramData\~47832840r
[2011/04/11 00:19:58 | 000,000,104 | ---- | C] () -- C:\ProgramData\~47832840
[2011/04/11 00:19:54 | 000,000,336 | ---- | C] () -- C:\ProgramData\47832840
[2011/04/05 17:31:04 | 000,007,168 | ---- | C] () -- C:\Users\Anthony\fbchathistory.dat
[2010/11/04 13:46:00 | 000,000,071 | ---- | C] () -- C:\Users\Anthony\.gtk-bookmarks
[2010/09/22 16:11:13 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/09/20 18:59:12 | 001,822,720 | ---- | C] () -- C:\Users\Anthony\s-1-5-21-4061898741-860443810-2977409800-1000.rrr
[2010/06/06 21:03:36 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/12 09:03:55 | 000,008,122 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\2208174817
[2010/04/12 02:13:14 | 000,008,126 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\1nsO3pTQCOnL
[2010/04/12 02:13:14 | 000,008,126 | -HS- | C] () -- C:\ProgramData\1nsO3pTQCOnL
[2010/04/07 15:57:59 | 000,012,814 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\4g70472qn256v
[2010/04/07 15:57:59 | 000,012,814 | -HS- | C] () -- C:\ProgramData\4g70472qn256v
[2010/03/23 06:31:14 | 000,015,360 | ---- | C] () -- C:\Users\Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/22 22:11:28 | 000,000,000 | ---- | C] () -- C:\Users\Anthony\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2010/03/23 08:08:42 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\acccore
[2012/06/02 03:25:55 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/22 04:54:03 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\DigitalPersona
[2011/02/12 22:58:02 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\GARMIN
[2012/08/16 00:30:05 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\gtk-2.0
[2012/03/17 01:20:26 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\HTC
[2012/08/16 00:30:05 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\IObit
[2011/02/01 21:27:16 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Leawo
[2011/04/16 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\LolClient
[2011/02/01 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Moyea
[2011/03/13 00:11:26 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\ooVoo Details
[2010/09/16 19:22:55 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Opera
[2011/12/23 20:30:39 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Participatory Culture Foundation
[2011/01/27 23:50:29 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Philips
[2012/08/16 00:30:07 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Philips-Songbird
[2010/09/20 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Registry Mechanic
[2010/03/22 22:11:30 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Template
[2010/06/02 01:11:25 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Uniblue
[2012/03/11 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Unifiedroot
[2012/06/12 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\uTorrent
[2010/03/22 05:21:57 | 000,000,000 | ---D | M] -- C:\Users\Anthony\AppData\Roaming\Windows Live Writer
[2012/08/17 20:27:05 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000Core.job
[2012/08/17 20:27:05 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000UA.job
[2012/08/17 21:28:14 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro64 startups.job
[2012/08/17 21:17:05 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >



OTL Extras logfile created on: 8/17/2012 9:42:46 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Anthony\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.61% Memory free
8.09 Gb Paging File | 6.46 Gb Available in Paging File | 79.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.68 Gb Total Space | 263.69 Gb Free Space | 58.51% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 6.10 Gb Free Space | 40.69% Space Free | Partition Type: NTFS

Computer Name: ANTHONY-PC | User Name: Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4061898741-860443810-2977409800-1000\SOFTWARE\Classes\<extension>]
.html [@ = sundialHTML] -- C:\Program Files (x86)\Sundial\sundial.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = D9 F3 2E FD 66 CE CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15569EE7-17E0-441F-B19E-5A55A07EF87E}" = lport=137 | protocol=17 | dir=in | app=system |
"{294900B9-641C-43DA-9851-6EFF6A341BCE}" = rport=445 | protocol=6 | dir=out | app=system |
"{3C034139-2AA1-4EB9-92F0-9B9CFD6C9F55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6B8DFFE3-3C97-4000-8E3A-5A2A7A9B0D60}" = rport=139 | protocol=6 | dir=out | app=system |
"{7825F2C7-C8E8-4F2C-B15B-66C96F5A8F81}" = rport=137 | protocol=17 | dir=out | app=system |
"{7C20ACC2-BAA7-48B2-8089-775728897F1E}" = lport=138 | protocol=17 | dir=in | app=system |
"{8678B88F-10D9-4B25-AF63-20A2625EAC1C}" = lport=139 | protocol=6 | dir=in | app=system |
"{87502B76-3373-4B2A-A8AF-11DF045F9E38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{ECE06BC3-BD49-4ED3-AB7F-39D82A96B9E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{F3FB5A19-C2D4-4591-B0F6-B47182764588}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD1E41B8-7A72-4C48-A59A-F511DFCEFFBC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D836EB9-31AB-49B8-80F6-13D3E85E9D67}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{27EDF4D0-4625-481C-961C-F33888830CD9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2A19BE3E-4AFE-4CEA-871A-07059ADB0D3C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{300245BA-7AB0-452F-B931-3A1642F4E7C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{413BE789-6F1A-44FF-8569-3489897204B5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{47F8646F-3DEF-4ABE-8EE7-12D18C439467}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D34D9F8-ACBD-4C10-A9BB-87F64ED7F517}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{53AFAD78-C00A-43B6-9042-1B90410CC632}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{57A3B60B-8B91-4DBC-B1FC-4924FA16B8BF}" = protocol=1 | dir=in | [email protected],-28543 |
"{6645CEB4-384A-4899-A569-49CCD427C3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{6EDF9506-F320-4A69-97D1-2A4C140D7046}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{786C74AC-EF9C-490D-884C-31F3EE8520FF}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"{7D208893-775A-402A-8126-A64AECD55368}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\rm.exe |
"{888A2941-3314-43E6-B017-50E2942B0F1A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{91EF6EA7-6037-45FD-8165-D33E1A991EE5}" = protocol=58 | dir=in | [email protected],-28545 |
"{94DA9EEC-D573-48C0-A9F4-7176159A3A3D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{95A6507F-0610-4C95-B003-A144B5E2FA03}" = dir=in | app=c:\users\anthony\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{97A83A3B-9456-4906-9222-77AB8701C89D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{AA7A6F90-DA75-4819-B492-68D96237FEAB}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\umi.exe |
"{AC72095A-B7F4-48E9-9F24-2277C8695E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2A27792-836B-4C84-8C5C-1B383F35DB15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B4D1A272-E7BF-4DAB-A550-CDC33055200C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C52B355E-B08B-4DBA-A767-D6259AC0741F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F5F55784-2CAF-4EA2-BD81-486B3315C869}" = protocol=1 | dir=out | [email protected],-28544 |
"{FD122E61-F537-4C7A-9770-5F8C16ACCAB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{FDB6C87E-CF22-4F38-8948-B9A79007B560}" = protocol=58 | dir=out | [email protected],-28546 |
"TCP Query User{1A2980CD-0DDB-4EA9-A9E7-AAB4DC3E4D9C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{27FB62C5-8DA1-4623-A5CA-06D014D9B538}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"TCP Query User{65EB1714-9FD7-4837-9D0A-724440FDC844}C:\program files (x86)\lime pro\limepro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lime pro\limepro.exe |
"TCP Query User{9281AC92-CF65-4A15-BA58-1A33C5D5112B}C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{DF1F805F-9F8F-4BB0-9405-952345724E6E}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{120D7E1B-F9BF-4600-A541-9D34B5D5E9FC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{7333072D-002C-4C1C-8BDD-DD6095926A6B}C:\Program Files (x86)\Pinnacle\Studio 14\Programs\Studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 14\programs\studio.exe |
"UDP Query User{768CBAAD-F008-46A0-9583-9D27A661B7E8}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{A9AFAFC6-4834-462F-BA65-2F9D69ABF5BD}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |
"UDP Query User{D740024B-6611-4103-AE3E-421F08870AD8}C:\program files (x86)\lime pro\limepro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lime pro\limepro.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2247B69B-C764-41D0-B0DA-812F3E00C268}" = DigitalPersona Personal 3.1.0
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{2D2820A1-F214-4B7A-912E-A87E5608CF10}" = Motorola Mobile Drivers Installation 5.0.0
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F2393654-7D1F-48B3-9E4C-4007D120ABB8}" = AuthenTec Fingerprint Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC Optimizer Pro" = PC Optimizer Pro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Webcam Central" = Dell Webcam Central
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Smart Defrag 2_is1" = Smart Defrag 2
"Sundial 4.0.1 (x86 en-US)" = Sundial 4.0.1 (x86 en-US)
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4061898741-860443810-2977409800-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/12/2012 7:31:36 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 7:57:53 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 9:30:07 PM | Computer Name = Anthony-PC | Source = EventSystem | ID = 4609
Description =

Error - 8/12/2012 9:30:57 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 10:34:34 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 10:34:37 PM | Computer Name = Anthony-PC | Source = ESENT | ID = 517
Description = Catalog Database (1488) Catalog Database: Database recovery failed
with error -551 because it encountered references to a database, 'C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb',
which does not match the current set of logs. The database engine will not permit
recovery to complete for this instance until the mismatching database is re-instated.
If the database is truly no longer available or no longer required, procedures
for recovering from this error are available in the Microsoft Knowledge Base or
by following the "more information" link at the bottom of this message.

Error - 8/12/2012 10:34:49 PM | Computer Name = Anthony-PC | Source = ESENT | ID = 454
Description = Catalog Database (1488) Catalog Database: Database recovery/restore
failed with unexpected error -551.

Error - 8/12/2012 10:34:50 PM | Computer Name = Anthony-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 8/12/2012 11:11:19 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/12/2012 11:14:14 PM | Computer Name = Anthony-PC | Source = System Restore | ID = 8209
Description =

Error - 8/13/2012 5:58:24 PM | Computer Name = Anthony-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/17/2012 9:19:51 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/17/2012 9:19:51 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/17/2012 9:19:51 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/17/2012 9:22:34 PM | Computer Name = Anthony-PC | Source = DCOM | ID = 10005
Description =

Error - 8/17/2012 9:22:43 PM | Computer Name = Anthony-PC | Source = DCOM | ID = 10005
Description =

Error - 8/17/2012 9:22:51 PM | Computer Name = Anthony-PC | Source = DCOM | ID = 10005
Description =

Error - 8/17/2012 9:23:35 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/17/2012 9:23:35 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/17/2012 9:24:28 PM | Computer Name = Anthony-PC | Source = DCOM | ID = 10005
Description =

Error - 8/17/2012 9:29:30 PM | Computer Name = Anthony-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#7
Gammo
Posted 18 August 2012 - 04:44 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
[2012/07/28 11:32:38 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}(57)
[2012/08/13 18:39:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\extensions\[email protected]
[2012/08/13 18:39:29 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\[email protected]
[2012/08/16 00:30:07 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\khdbnbd7.default\extensions\vshareus@toolbar
[2010/10/19 17:20:24 | 000,001,919 | ---- | M] () -- C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\searchplugins\bing-zugo.xml
O2 - BHO: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-4061898741-860443810-2977409800-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O18 - Protocol\Handler\vsharechrome - No CLSID value found
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2011/04/11 00:19:58 | 000,000,136 | ---- | C] () -- C:\ProgramData\~47832840r
[2011/04/11 00:19:58 | 000,000,104 | ---- | C] () -- C:\ProgramData\~47832840
[2011/04/11 00:19:54 | 000,000,336 | ---- | C] () -- C:\ProgramData\47832840
[2010/09/20 18:59:12 | 001,822,720 | ---- | C] () -- C:\Users\Anthony\s-1-5-21-4061898741-860443810-2977409800-1000.rrr
[2010/04/12 09:03:55 | 000,008,122 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\2208174817
[2010/04/12 02:13:14 | 000,008,126 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\1nsO3pTQCOnL
[2010/04/12 02:13:14 | 000,008,126 | -HS- | C] () -- C:\ProgramData\1nsO3pTQCOnL
[2010/04/07 15:57:59 | 000,012,814 | -HS- | C] () -- C:\Users\Anthony\AppData\Local\4g70472qn256v
[2010/04/07 15:57:59 | 000,012,814 | -HS- | C] () -- C:\ProgramData\4g70472qn256v

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[emptyflash]
[createrestorepoint]
[reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
deebouss
Posted 18 August 2012 - 04:26 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
What is the purpose of these next steps? Currently, my PC is running fine, although it may be infected...I don't know. What exactly will the custom scan/fixes do?

I'd like to locate the folders and files which I kept saved on my desktop. When I saved the installation contents of League of Legends to my desktop I believe all but maybe two or three folders went missing..

Edited by deebouss, 18 August 2012 - 05:41 PM.

  • 0

#9
Gammo
Posted 19 August 2012 - 04:24 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

What is the purpose of these next steps? Currently, my PC is running fine, although it may be infected...I don't know. What exactly will the custom scan/fixes do?

It removes some malware from your PC. So please follow the steps in my previous post. :)

I'd like to locate the folders and files which I kept saved on my desktop. When I saved the installation contents of League of Legends to my desktop I believe all but maybe two or three folders went missing..

If you use the Windows Explorer to go to the Desktop, do you see the missing folders?
  • 0

#10
deebouss
Posted 19 August 2012 - 05:10 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I did use Windows Explorer and still could not locate the folders which were on my desktop. I will follow your instructions from the previous post.
  • 0

Advertisements

#11
deebouss
Posted 19 August 2012 - 05:55 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
okay, I copied and pasted the code into the custom scan field and followed the instructions and after I ran combofix. What's next?
  • 0

#12
Gammo
Posted 20 August 2012 - 08:37 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts

Please include the C:\ComboFix.txt in your next reply.


  • 0

#13
deebouss
Posted 20 August 2012 - 03:30 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Is this what you were looking for?


ComboFix 12-08-18.03 - Anthony 08/19/2012 19:32:31.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2568 [GMT -4:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Anthony\GoToAssistDownloadHelper.exe
c:\windows\system32\DpPwdFlt.dll
c:\windows\SysWow64\tempdir
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 23:40 . 2012-08-19 23:43 -------- d-----w- c:\users\Anthony\AppData\Local\temp
2012-08-19 23:14 . 2012-08-19 23:14 -------- d-----w- C:\_OTL
2012-08-18 04:25 . 2012-08-18 04:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-18 04:25 . 2012-08-18 04:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-18 01:35 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9221759B-A350-4EA9-973D-EF9B38ABF984}\mpengine.dll
2012-08-13 23:58 . 2012-08-13 23:58 -------- d-----w- c:\users\Anthony\Frozen Throne
2012-08-13 22:39 . 2012-08-13 22:43 -------- d-----w- c:\programdata\HitmanPro
2012-08-13 22:39 . 2012-08-13 22:39 -------- d-----w- c:\programdata\Tarma Installer
2012-08-12 15:19 . 2012-08-12 15:19 -------- d-----w- C:\StarCraft II
2012-08-12 15:17 . 2012-08-12 17:15 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-11 19:31 . 2012-08-11 19:31 -------- d-----w- c:\programdata\Battle.net
2012-08-11 18:53 . 2012-08-12 17:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-11 03:45 . 2012-08-15 08:03 -------- d-----w- c:\users\Anthony\AppData\Local\PokerStars.NET
2012-08-11 03:45 . 2012-08-15 08:03 -------- d-----w- c:\program files (x86)\PokerStars.NET
2012-08-10 00:37 . 2012-08-10 00:38 -------- d-----w- c:\program files (x86)\Google
2012-08-09 01:41 . 2012-08-16 03:02 -------- d-----w- c:\users\Anthony\AppData\Local\PMB Files
2012-08-09 01:41 . 2012-08-16 02:06 -------- d-----w- c:\programdata\PMB Files
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 22:25 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-10 00:37 . 2012-04-25 21:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-10 00:37 . 2011-10-19 01:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-13 13:58 . 2012-07-11 06:56 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 04:08 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 04:08 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:08 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 04:08 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 04:08 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 04:08 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 00:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 00:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:32 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 00:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 00:32 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 00:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 00:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 00:32 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 00:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 00:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 00:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 00:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-11 06:56 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 06:56 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 06:56 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 06:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 06:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 06:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 06:56 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 06:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 06:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 06:56 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 06:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 06:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 06:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 06:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 06:56 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 06:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 06:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 06:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 06:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 04:08 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 04:08 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 04:08 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 04:08 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 04:08 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-31 16:25 . 2010-03-25 01:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-18 619352]
"Facebook Update"="c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-18 494424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-30 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000Core.job
- c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 00:22]
.
2012-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000UA.job
- c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 00:22]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 00:37]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 00:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 309760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-20 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-20 408600]
"combofix"="c:\combofix\CF5893.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://tuportal3.te...me/displaylogin
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://football.fantasysports.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
.
**************************************************************************
.
Completion time: 2012-08-19 19:49:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 23:49
.
Pre-Run: 291,325,960,192 bytes free
Post-Run: 290,513,514,496 bytes free
.
- - End Of File - - C380A6A837AF2C3062E5D7111DD09F47
  • 0

#14
Gammo
Posted 20 August 2012 - 04:01 PM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Firefox::
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#15
deebouss
Posted 22 August 2012 - 07:51 PM

deebouss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here it is...

ComboFix 12-08-22.03 - Anthony 08/22/2012 21:39:09.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4056.2744 [GMT -4:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\users\Anthony\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 01:45 . 2012-08-23 01:45 -------- d-----w- c:\users\RA Media Server\AppData\Local\temp
2012-08-23 01:45 . 2012-08-23 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 01:45 . 2012-08-23 01:45 -------- d-----w- c:\users\Anthony\AppData\Local\temp
2012-08-22 23:16 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C71E32F-AAAA-4779-BD15-152506D5499E}\mpengine.dll
2012-08-19 23:14 . 2012-08-19 23:14 -------- d-----w- C:\_OTL
2012-08-18 04:25 . 2012-08-18 04:25 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-08-18 04:25 . 2012-08-18 04:25 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-08-13 23:58 . 2012-08-13 23:58 -------- d-----w- c:\users\Anthony\Frozen Throne
2012-08-13 22:39 . 2012-08-13 22:43 -------- d-----w- c:\programdata\HitmanPro
2012-08-13 22:39 . 2012-08-13 22:39 -------- d-----w- c:\programdata\Tarma Installer
2012-08-12 15:19 . 2012-08-12 15:19 -------- d-----w- C:\StarCraft II
2012-08-12 15:17 . 2012-08-12 17:15 -------- d-----w- c:\program files (x86)\StarCraft II
2012-08-11 19:31 . 2012-08-11 19:31 -------- d-----w- c:\programdata\Battle.net
2012-08-11 18:53 . 2012-08-12 17:00 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-08-11 03:45 . 2012-08-15 08:03 -------- d-----w- c:\users\Anthony\AppData\Local\PokerStars.NET
2012-08-11 03:45 . 2012-08-15 08:03 -------- d-----w- c:\program files (x86)\PokerStars.NET
2012-08-10 00:37 . 2012-08-10 00:38 -------- d-----w- c:\program files (x86)\Google
2012-08-09 01:41 . 2012-08-16 03:02 -------- d-----w- c:\users\Anthony\AppData\Local\PMB Files
2012-08-09 01:41 . 2012-08-16 02:06 -------- d-----w- c:\programdata\PMB Files
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 22:25 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-10 00:37 . 2012-04-25 21:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-10 00:37 . 2011-10-19 01:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-13 13:58 . 2012-07-11 06:56 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 04:08 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 04:08 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 04:08 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 04:08 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 04:08 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 04:08 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 00:32 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 00:32 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 00:32 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 00:32 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 00:32 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 00:32 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 00:32 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 00:32 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 00:32 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 00:32 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 00:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 00:31 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 00:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 00:31 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-02 12:49 . 2012-07-11 06:56 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 06:56 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 06:56 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 06:56 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 06:56 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 06:56 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 06:56 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 06:56 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 06:56 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 06:56 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 06:56 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 06:56 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 06:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 06:56 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 06:56 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 06:56 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 06:56 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 06:56 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 06:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 00:22 . 2012-07-11 04:08 347136 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 04:08 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 04:08 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 04:08 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 04:08 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-05-31 16:25 . 2010-03-25 01:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-18 619352]
"Facebook Update"="c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-18 494424]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-03-30 89600]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000Core.job
- c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 00:22]
.
2012-08-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4061898741-860443810-2977409800-1000UA.job
- c:\users\Anthony\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 00:22]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 00:37]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 00:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 309760]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-20 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-20 408600]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://tuportal3.te...me/displaylogin
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 71.242.0.12
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\j8013ptu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://football.fantasysports.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-08-22 21:48:08
ComboFix-quarantined-files.txt 2012-08-23 01:48
ComboFix2.txt 2012-08-23 01:23
ComboFix3.txt 2012-08-19 23:49
.
Pre-Run: 291,496,497,152 bytes free
Post-Run: 291,058,868,224 bytes free
.
- - End Of File - - 501053815685800BAACC49F7D9DBA5BB
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP