Trojan.Zbot virus help [Solved]


#1
Diedre

My pc first started to freeze on 10/27. Kaspersky failed to catch anything, so I downloaded Malwarebytes and it found two Trojan.Zbot viruses, and I deleted them. My pc continued to freeze while MBAM didn't find anything else. I recently ran an online scan using Eset and it found three HTML/Serinject.B.Gen viruses, and I deleted those as well. The more I read on geekstogo, the more I realize I probably shouldn't be so quick to delete. I have pasted the Oldtimer log as suggested.

Please help.
OTL logfile created on: 11/3/2012 3:04:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IE NET\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.17% Memory free
5.98 Gb Paging File | 4.64 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 67.54 Gb Free Space | 45.35% Space Free | Partition Type: NTFS

Computer Name: HOME1234-PC | User Name: IE NET | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 14:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
PRC - [2012/10/31 10:11:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012/06/19 17:11:32 | 001,974,272 | ---- | M] () -- C:\iDailyDiary\iDD.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 17:11:32 | 001,974,272 | ---- | M] () -- C:\iDailyDiary\iDD.exe
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/08/19 22:39:30 | 000,524,288 | ---- | M] () -- C:\iDailyDiary\iDB.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/19 06:10:54 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 19:01:46 | 001,052,328 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/20 12:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2012/11/02 18:32:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/31 10:11:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/10/24 13:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/19 06:10:58 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/09/19 06:10:54 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 12:31:06 | 000,031,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/20 12:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/03 08:58:30 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/11/02 17:20:05 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\55405276.sys -- (55405276)
DRV:64bit: - [2012/10/31 10:15:59 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 01:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/08/17 05:13:21 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\43119978.sys -- (43119978)
DRV:64bit: - [2011/08/16 01:13:38 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\92998438.sys -- (92998438)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/07 16:40:06 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/03 04:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 04:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/01/03 04:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/12/21 01:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/08/18 09:53:38 | 000,038,768 | ---- | M] (IMFirewall Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\imnpf.sys -- (IMNPF)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/06/30 01:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/26 03:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV - [2012/08/29 16:42:28 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0BC6E3FA-78EF-4886-842C-5A1258C4455A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {194A21F1-2142-45A7-8A4D-3C0B1A2B4043}
IE - HKCU\..\SearchScopes\{194A21F1-2142-45A7-8A4D-3C0B1A2B4043}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...ID=msnHomepage"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}:1.1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.2.039
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 01:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 01:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 01:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/17 17:28:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/01 01:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/11/02 21:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/02 18:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/11/02 21:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 18:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/02 18:59:02 | 000,000,000 | ---D | M]

[2012/11/02 18:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Extensions
[2012/07/19 19:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/07/19 19:44:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/11/03 09:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\qw12shr0.default\extensions
[2012/05/09 19:11:03 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/11/03 09:50:21 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\qw12shr0.default\extensions\[email protected]
[2012/11/02 18:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/02 18:59:05 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/02 21:23:51 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAM FILES (X86)\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2012/10/24 13:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 13:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 13:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: The Vampire Diaries 001 = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkhfjdehckdomepilagalhldddpcakk\1_0\
CHR - Extension: YouTube = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Codec-V = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\crossrider
CHR - Extension: Codec-V = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.20.61_0\
CHR - Extension: No name found = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [iDailyDiary] C:\iDailyDiary\iDD.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\IE NET\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
O4 - Startup: C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk = C:\Users\IE NET\AppData\Local\Temp\_uninst_55405276.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5837953-A1AE-4CDC-BDB3-26E6A8C8906C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd4aea0d-2efc-11e1-90b6-0025118a17d9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd4aea0d-2efc-11e1-90b6-0025118a17d9}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 14:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/03 13:55:51 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\QuickScan
[2012/11/02 18:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/11/02 18:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/11/02 18:39:25 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Macromedia
[2012/11/02 18:18:56 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Mozilla
[2012/11/02 18:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/02 18:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/02 18:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/02 14:16:08 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\WinPatrol
[2012/11/02 14:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/11/02 14:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/11/02 14:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/02 14:11:59 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/02 10:33:51 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55405276.sys
[2012/11/01 23:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2012/11/01 17:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/01 14:31:06 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Malwarebytes
[2012/11/01 14:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/01 14:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/01 14:29:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/01 14:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/01 11:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/11/01 00:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/11/01 00:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/11/01 00:12:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/31 23:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/31 21:47:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/31 19:30:35 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/31 19:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/31 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/31 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\SRM
[2012/10/31 16:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/10/31 16:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/10/31 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\SlimWare Utilities Inc
[2012/10/30 23:32:28 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\GetRightToGo
[2012/10/30 22:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2012/10/30 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/10/30 17:43:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/10/30 14:54:26 | 000,000,000 | ---D | C] -- C:\ldiag
[2012/10/30 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012/10/30 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2012/10/30 14:37:43 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\LSC
[2012/10/30 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\LSC
[2012/10/30 14:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012/10/30 12:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2012/10/29 22:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/10/29 20:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/27 10:45:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/26 16:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2012/10/25 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012/10/25 19:49:09 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/10/24 16:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGI
[2012/10/24 16:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\agi
[2012/10/20 15:53:37 | 207,326,032 | ---- | C] (Kaspersky Lab) -- C:\Users\IE NET\Desktop\KasperskyPURE12.0.1.288en-US-FB.exe
[2012/10/11 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\CrashRpt
[2012/10/11 10:11:20 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\Smile
[2012/10/11 10:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webshots
[2012/10/06 00:01:18 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\{9D280251-C8C8-47E4-B307-05359DAD1F9C}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/03 14:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/03 14:15:07 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/11/03 13:10:36 | 000,000,124 | ---- | M] () -- C:\Users\IE NET\AppData\Roaming\mbam.context.scan
[2012/11/03 10:49:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/03 10:46:02 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/11/03 10:26:13 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/03 10:15:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/03 09:03:35 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 09:03:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/03 08:58:30 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/11/03 08:58:26 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/02 18:20:39 | 000,001,140 | ---- | M] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/11/02 17:20:05 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55405276.sys
[2012/11/02 10:35:54 | 000,000,973 | ---- | M] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk
[2012/11/01 23:31:59 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/01 23:18:56 | 000,415,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/01 22:32:21 | 000,000,017 | ---- | M] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg
[2012/11/01 01:07:58 | 000,880,828 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/01 01:07:58 | 000,734,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/01 01:07:58 | 000,146,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/31 10:15:59 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/27 17:34:01 | 000,017,288 | ---- | M] () -- C:\bootsqm.dat
[2012/10/25 16:39:04 | 000,011,776 | ---- | M] () -- C:\Users\IE NET\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 15:59:36 | 207,326,032 | ---- | M] (Kaspersky Lab) -- C:\Users\IE NET\Desktop\KasperskyPURE12.0.1.288en-US-FB.exe
[2012/10/08 00:22:35 | 000,001,082 | ---- | M] () -- C:\Users\IE NET\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/03 13:10:36 | 000,000,124 | ---- | C] () -- C:\Users\IE NET\AppData\Roaming\mbam.context.scan
[2012/11/02 18:32:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 18:18:37 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/02 10:35:54 | 000,000,973 | ---- | C] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk
[2012/11/01 23:26:55 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/01 23:18:45 | 000,415,208 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/01 22:32:21 | 000,000,017 | ---- | C] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg
[2012/11/01 11:11:10 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/11/01 00:13:10 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/11/01 00:12:55 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/10/27 17:34:01 | 000,017,288 | ---- | C] () -- C:\bootsqm.dat
[2012/10/25 19:49:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/24 16:11:15 | 000,001,140 | ---- | C] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/10/24 16:11:15 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webshots Desktop.lnk
[2012/05/09 19:12:06 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/23 13:57:54 | 000,060,304 | ---- | C] () -- C:\Users\IE NET\g2mdlhlpx.exe
[2011/09/06 22:12:22 | 000,017,408 | ---- | C] () -- C:\Users\IE NET\AppData\Local\WebpageIcons.db
[2011/08/06 13:32:52 | 000,011,776 | ---- | C] () -- C:\Users\IE NET\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 14:04:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblinpa.dll
[2011/05/14 14:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxblcomx.dll
[2011/05/14 14:04:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBLinst.dll
[2011/05/14 14:03:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpmui.dll
[2011/05/14 14:03:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbliesc.dll
[2011/05/14 14:03:57 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblusb1.dll
[2011/05/14 14:03:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblserv.dll
[2011/05/14 14:03:56 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblppls.exe
[2011/05/14 14:03:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblprox.dll
[2011/05/14 14:03:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbllmpm.dll
[2011/05/14 14:03:55 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblih.exe
[2011/05/14 14:03:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpplc.dll
[2011/05/14 14:03:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblhbn3.dll
[2011/05/14 14:03:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomc.dll
[2011/05/14 14:03:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcoms.exe
[2011/05/14 14:03:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomm.dll
[2011/05/14 14:03:52 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcfg.exe
[2011/04/30 22:01:41 | 000,001,481 | ---- | C] () -- C:\Users\IE NET\.recently-used.xbel
[2011/03/30 12:28:26 | 000,874,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/22 20:09:24 | 000,000,114 | -H-- | C] () -- C:\Users\IE NET\AppData\Local\tokdet56.dat
[2011/03/13 19:55:40 | 000,000,632 | RHS- | C] () -- C:\Users\IE NET\ntuser.pol
[2011/03/07 16:40:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2011/03/07 16:40:33 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/19 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\.jbwmdesktop
[2011/08/22 15:53:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\AlauxSoft
[2012/04/14 23:51:31 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\AnvSoft
[2011/10/18 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Azureus
[2012/05/09 19:11:11 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Babylon
[2011/11/19 12:50:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\bwm
[2011/12/25 14:28:35 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\com.kodakgallery.AirUploader
[2011/11/20 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DriverCure
[2012/07/19 19:44:57 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DVDVideoSoft
[2012/07/19 19:44:44 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/27 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\FreeFileViewer
[2012/04/14 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\GetGo Software
[2012/10/30 23:43:57 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\GetRightToGo
[2011/10/18 16:52:52 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\gtk-2.0
[2012/10/30 14:28:27 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\LSC
[2011/08/30 11:53:32 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\MechCAD
[2012/11/03 13:55:56 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\QuickScan
[2011/05/01 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\ReliSimple
[2012/10/31 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\SanDisk
[2011/12/25 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Skinux
[2011/11/20 16:58:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\SpeedyPC Software
[2012/11/02 12:18:06 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Spotify
[2012/10/08 00:08:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\TuneUp Software
[2012/10/24 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Webshots
[2012/11/02 14:17:53 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\WinPatrol
[2012/07/13 12:07:40 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\WinZip
[2012/06/03 13:44:34 | 000,000,000 | -HSD | M] -- C:\Users\IE NET\AppData\Roaming\wyUpdate AU
[2012/07/14 13:15:11 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:06C5B98F

< End of report >

#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello Diedre and welcome to Geeks To Go!!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi Diedre,
Can you please run these two programs for me and post the resulting log files while I examine the log file you already posted?

Step 1
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.

Click the [Scan] button to start the scan.

On completion of the scan click [Save log], save it to your desktop and post it in your next reply.

Step 2
Download AdwCleaner from here to your desktop.
Run AdwCleaner and select Scan.

A log will be produced at C:\ADWCleaner[XX].txt; please attach that in your next post.

In your next reply I would like to see:
  • ASWmbr log file
  • ADWCleaner log file
  • Can you please post the extras.txt log that OTL generated -- it should be on your desktop
  • What are the current symptoms on your computer?

#3
Diedre

    Member

  • Topic Starter
  • Member
  • 26 posts
Hello Crowbar,

Thank you for taking the time to help. I have pasted the logs below as requested. I added the MBAM log with the virus it said it found and the SUPERAntiSpyware log with the suspicious items it found from last night's scan. I have been able to download these programs and get the logs without having to reboot in safe mode with networking, but it's been a slow process. I also ran an ESET online scan last night and it found two more HTML/Scrinject.B.Gen viruses, but I didn't delete them. Wondering if that was a false positive.

Current symptoms are that the PC is still freezing a lot, and programs won't open when clicked on, then open two minutes later. It seems like the longer I stay online, the more it freezes. When I first booted this morning, I received an error that Windows cannot find 8424974.exe. Make sure you typed the name correctly, and then try again. Not sure what happened there.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 12:21:55
-----------------------------
12:21:55.427 OS Version: Windows x64 6.1.7601 Service Pack 1
12:21:55.427 Number of processors: 2 586 0x170A
12:21:55.443 ComputerName: HOME1234-PC UserName: IE NET
12:22:12.501 Initialize success
12:24:03.524 AVAST engine defs: 12110400
12:28:40.658 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
12:28:40.658 Disk 0 Vendor: WDC_WD1600AAJS-22PSA0 05.06H05 Size: 152627MB BusType: 3
12:28:40.689 Disk 0 MBR read successfully
12:28:40.689 Disk 0 MBR scan
12:28:40.689 Disk 0 Windows 7 default MBR code
12:28:40.705 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:28:40.720 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
12:28:40.736 Disk 0 scanning C:\Windows\system32\drivers
12:28:52.967 Service scanning
12:29:16.226 Modules scanning
12:29:16.226 Disk 0 trace - called modules:
12:29:16.242 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
12:29:16.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003472740]
12:29:16.242 3 CLASSPNP.SYS[fffff880021c543f] -> nt!IofCallDriver -> [0xfffffa8003350520]
12:29:16.257 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800333b680]
12:29:17.817 AVAST engine scan C:\Windows
12:29:20.610 AVAST engine scan C:\Windows\system32
12:32:42.147 AVAST engine scan C:\Windows\system32\drivers
12:33:01.288 AVAST engine scan C:\Users\IE NET
12:47:51.869 AVAST engine scan C:\ProgramData
12:52:48.363 Scan finished successfully
13:04:14.514 Disk 0 MBR has been saved successfully to "C:\Users\IE NET\Desktop\MBR.dat"
13:04:14.561 The log file has been saved successfully to "C:\Users\IE NET\Desktop\aswMBR.txt"



# AdwCleaner v2.006 - Logfile created 11/04/2012 at 13:16:00
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : IE NET - HOME1234-PC
# Boot Mode : Normal
# Running from : C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBVHHBUB\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AGI
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Smartdl
Folder Found : C:\ProgramData\AGI
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\IE NET\AppData\Local\Conduit
Folder Found : C:\Users\IE NET\AppData\LocalLow\AGI
Folder Found : C:\Users\IE NET\AppData\LocalLow\Conduit
Folder Found : C:\Users\IE NET\AppData\LocalLow\PriceGong
Folder Found : C:\Users\IE NET\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\Software\AGI
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\bflixtoolbar
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKU\S-1-5-21-3423992899-3802321084-3640386065-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\qw12shr0.default\prefs.js

Found : user_pref("extensions.enabledAddons", "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145,{1BC4187C-4B[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5722 octets] - [04/11/2012 13:09:59]
AdwCleaner[R2].txt - [5661 octets] - [04/11/2012 13:16:00]

########## EOF - C:\AdwCleaner[R2].txt - [5721 octets] ##########

OTL Extras logfile created on: 11/3/2012 3:04:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IE NET\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 56.17% Memory free
5.98 Gb Paging File | 4.64 Gb Available in Paging File | 77.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 67.54 Gb Free Space | 45.35% Space Free | Partition Type: NTFS

Computer Name: HOME1234-PC | User Name: IE NET | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0619C1B7-B15A-4ABD-90F2-F4E96368ABCF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1FF28CD4-5AE0-46EE-8F9F-57F6B5C35E76}" = rport=138 | protocol=17 | dir=out | app=system |
"{208ED469-DEC9-4F33-8D29-44AA0C9DEE7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2738F011-4ECE-47EA-B958-8A704DA3CE54}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{30FD7FF2-CC71-4229-9AC0-305E8411738C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3339166B-855D-4BBB-9CE7-AC121674B2B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{48D285AA-CDDF-4488-9CF5-B1C4FDB1604E}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B02A8A1-FC4C-43B4-AE01-A20AD6BF8A8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{723070AC-C915-407E-8BA8-BB9696BB4EF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75585679-7F3A-4430-A0CA-CE6F5FBDD374}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{782F857D-47F0-455C-9278-0697397149A6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B041CF0-D0A9-48C8-9E3D-2279EF83234D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FB37635-7BC0-4C5E-9B3B-EE2B190E9CA3}" = rport=139 | protocol=6 | dir=out | app=system |
"{90F2D86D-2066-4E02-B36B-F070A308EF29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91401B0E-3C3E-4D72-B15D-8503954CFE1A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5583249-59CF-457B-A370-8930EE7BC96A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{B69C4A66-4262-44F5-9F82-B5E40161FCB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B86FFEAA-5856-4175-A342-061E25D1190D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEC3B83A-3313-4CDA-8EDB-E753777DECB3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BF596326-7714-48F2-96F8-69AC98C2657A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C2D0F2CB-1387-4B0D-B15E-9279F7160C5F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C94799B9-2FE8-4804-8AA3-F4A6DBAFB81B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCD09DF3-0049-45AA-B207-C9228FF4F0BC}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE56DA9C-BFCD-4B3F-B788-74013FD06658}" = rport=137 | protocol=17 | dir=out | app=system |
"{D09E9C3A-6F81-4729-8328-A5EC07B5F326}" = rport=445 | protocol=6 | dir=out | app=system |
"{D37EBA58-3498-4734-8F1B-87286F585DAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{E237F544-2D44-455D-986E-AAA9FC9456FB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E83FF18F-6BA2-4A33-BA6F-75744AA98291}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC1660DA-22ED-4F51-BACE-B514117718D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE4A2CCF-CF01-4E64-BA84-04EF37E7ED63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1BBC180-7504-4633-A5D3-4C3D48AD0378}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F268F63E-9D6A-40EC-9A2A-C00D4D9BFF3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F30A999F-7B6B-42D4-B4E9-23B65A273712}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F52BE151-0B42-443F-A130-1143CCFE84D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FB5D2286-8049-4DF8-B42C-45A627233666}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE4E06DC-1221-47DC-B075-33824EA1D875}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055D0AFD-6587-4A0E-BC01-80B7C493C659}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E29B101-DBED-4C7B-AC3E-ADCEEADB33AE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{122EDEE4-9D3A-44E0-A729-C379EF8602BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17DBE485-2B71-4B59-9100-6BD4FECE0C68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1863E3A8-9461-4066-9C57-CA595DB536B2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{197DC31E-949D-4586-BAAB-E18A07CAECD2}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{1B377AAB-DB04-46DB-B2DD-0F78E309B5F5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21827776-FE24-4F41-BE23-ACBB00E3ECA3}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{2AA2A1CD-8BED-4B20-99C9-EDF439434ADB}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{39B036B5-BA3D-4390-89D0-DCAA664BDC20}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39F11BCB-89B2-406D-AB32-BDC6BF72C2A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CEDBE15-B754-4A52-896B-457BF4161B97}" = protocol=6 | dir=out | app=system |
"{3D560F51-31BF-44D6-853A-97EE05A0BC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\7-zip\7zfm.exe |
"{603EA2CA-9163-405C-8570-2222AD7873C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6163F805-FF5C-4708-8F3E-528ABF03C84E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6440E546-38F0-4557-A28E-A9102C3F47E6}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{7653141B-811A-42D0-90EB-B852C08DE8FD}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{893BEE10-FF7D-4211-ACE8-B48901A0444D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{8EA890E2-E84C-4D81-97ED-6AACF95DD1D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5BAB383-C467-499C-93AC-7A9C2322E989}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"{AB646B59-14DD-47B4-8340-E852E2E5C81C}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{B1C39578-3E26-46AC-BC0C-052637E22295}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D28BFCF4-DB9A-4ABC-8414-6A6D59808FE1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D7E20ADF-4183-4F75-A6C8-4CECE739075F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBF03D12-D559-445C-A336-C351DA6B050F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E0A5F38B-2A0E-4482-8AF7-B0D6C5853F80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2B04224-EA05-4636-AF98-EC9F752A2E64}" = protocol=17 | dir=in | app=c:\program files (x86)\7-zip\7zfm.exe |
"{F83DB054-57EA-4E42-B487-942C7A052B4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEB50031-D293-4194-A8FB-DE072619252F}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{FFCB30E7-4E6F-4BE3-BECB-CC90D649836C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3316FFC7-3DA3-435A-871E-E5C06BB4A3CF}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{33F1E70F-75F2-4807-9E05-0431F5F984BD}C:\users\ie net\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ie net\appdata\roaming\spotify\spotify.exe |
"UDP Query User{73F906CD-8880-46EC-A693-19597B1FB4DC}C:\users\ie net\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ie net\appdata\roaming\spotify\spotify.exe |
"UDP Query User{80DBC09D-7E9B-4946-B5CE-0C3744F7B324}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}" = RealDownloader
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F1A99A-196F-4D18-BC36-C1DAD6ABCCF3}" = KODAK Share Button App
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.2.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{806077A4-E0F2-5C60-19EC-E3ACFC88E813}" = KODAK Gallery Upload Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB874}_is1" = TypingMaster TypingTest
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6F5703D-A4B1-4857-9EDD-DC0ABBBB0D96}" = TuneUp Utilities Language Pack (en-US)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C96330FC-3CBE-49D2-8EF7-47EFEA33EE84}" = ReLiSimple
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD350F3A-3620-4185-A5E2-88A6437C8415}" = SlimDrivers
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.22beta
"Accounts and Budget Freeware V6.0_is1" = Accounts and Budget Freeware V6.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.4.1
"BWM 2.0 diet manager" = BWM 2.0 diet manager
"com.kodakgallery.AirUploader" = KODAK Gallery Upload Software
"Data Entry Test 2009_is1" = Data Entry Test 2009 Version 5.5.1
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FormatFactory" = FormatFactory 2.96
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"iDailyDiary_is1" = iDailyDiary 3.85.1
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 15.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"The Weather Channel App" = The Weather Channel App
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2011 10:13:43 AM | Computer Name = home1234-PC | Source = System Restore | ID = 8193
Description =

Error - 12/30/2011 10:13:59 AM | Computer Name = home1234-PC | Source = VSS | ID = 13
Description =

Error - 12/30/2011 10:13:59 AM | Computer Name = home1234-PC | Source = VSS | ID = 12292
Description =

Error - 1/1/2012 1:02:44 PM | Computer Name = home1234-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: jscript9.dll, version: 9.0.8112.16440,
time stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x0002c22b Faulting
process id: 0xfa8 Faulting application start time: 0x01ccc886bc2dfa62 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 6babdeda-349a-11e1-950e-0025118a17d9

Error - 1/1/2012 1:03:45 PM | Computer Name = home1234-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: jscript9.dll, version: 9.0.8112.16440,
time stamp: 0x4eb31a04 Exception code: 0xc0000005 Fault offset: 0x0002c22b Faulting
process id: 0x1200 Faulting application start time: 0x01ccc8a73e80359e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 8fe3cb2e-349a-11e1-950e-0025118a17d9

Error - 1/1/2012 5:25:29 PM | Computer Name = home1234-PC | Source = VSS | ID = 13
Description =

Error - 1/1/2012 5:25:29 PM | Computer Name = home1234-PC | Source = VSS | ID = 12292
Description =

Error - 1/4/2012 11:04:50 AM | Computer Name = home1234-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6607.1000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13d0 Start
Time: 01cccaf1de29563e Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\OUTLOOK.EXE Report Id:

Error - 1/4/2012 6:00:13 PM | Computer Name = home1234-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x00110def Faulting
process id: 0x8b4 Faulting application start time: 0x01cccaeb10056e62 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 79c9167d-371f-11e1-bee4-0025118a17d9

Error - 1/4/2012 9:57:50 PM | Computer Name = home1234-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: cd0 Start
Time: 01cccb4d6321abd0 Termination Time: 50 Application Path: C:\Program Files (x86)\Windows
Media Player\wmplayer.exe Report Id: a81f7242-3740-11e1-bee4-0025118a17d9

[ Media Center Events ]
Error - 10/26/2012 11:27:57 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 11:27:57 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/26/2012 11:28:15 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 11:28:15 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/26/2012 11:28:23 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 11:28:23 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/26/2012 11:28:38 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 11:28:38 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/27/2012 10:21:36 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:21:36 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/28/2012 10:14:33 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:14:33 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/29/2012 10:12:08 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:12:08 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 10/30/2012 10:31:26 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:31:25 AM - Error connecting to the internet. 10:31:26 AM - Unable
to contact server..

Error - 10/31/2012 11:00:19 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 11:00:19 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 11/1/2012 10:45:39 AM | Computer Name = home1234-PC | Source = MCUpdate | ID = 0
Description = 10:45:38 AM - Failed to retrieve Directory (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

[ OSession Events ]
Error - 5/31/2012 2:32:34 PM | Computer Name = home1234-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9417
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/3/2012 10:49:59 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:49:59 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:49:59 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:49:59 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:49:59 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:50:00 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:50:00 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:50:00 AM | Computer Name = home1234-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/3/2012 10:50:10 AM | Computer Name = home1234-PC | Source = DCOM | ID = 10005
Description =

Error - 11/3/2012 10:50:16 AM | Computer Name = home1234-PC | Source = DCOM | ID = 10005
Description =

[ TuneUp Events ]
Error - 8/15/2011 2:14:27 PM | Computer Name = home1234-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 8/15/2011 2:15:53 PM | Computer Name = home1234-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
IE NET :: HOME1234-PC [administrator]

Protection: Enabled

11/1/2012 2:40:44 PM
mbam-log-2012-11-01 (14-40-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 415477
Time elapsed: 1 hour(s), 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\InstallShield\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

(end)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2012 at 01:15 AM

Application Version : 5.6.1012

Core Rules Database Version : 9509
Trace Rules Database Version: 7321

Scan type : Complete Scan
Total Scan Time : 00:17:03

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 573
Memory threats detected : 0
Registry items scanned : 71960
Registry threats detected : 0
File items scanned : 17316
File threats detected : 55

Adware.Tracking Cookie
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\TQRB0WZS.txt [ /kaspersky.122.2o7.net ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\PTECFUDQ.txt [ /revsci.net ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\C86YIW4O.txt [ /steelhousemedia.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\31VTVVWB.txt [ /imrworldwide.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\65HLLC7Q.txt [ /apmebf.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\5FSV0LL1.txt [ /ad.yieldmanager.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\ZC9MLG75.txt [ /questionmarket.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\1MYEXA1W.txt [ /interclick.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\EROI85OB.txt [ /invitemedia.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\GI5CKK16.txt [ /ads.pointroll.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\H036C7O4.txt [ /doubleclick.net ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\80AENY8L.txt [ /yieldmanager.net ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\FQ8M0ORQ.txt [ /ads.bridgetrack.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\OJPEB4NW.txt [ /eset.122.2o7.net ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\XRUP0CAM.txt [ /serving-sys.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\KQ1Q961X.txt [ /intermundomedia.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\OG63EKJF.txt [ /c.atdmt.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\HA3P80QB.txt [ /pointroll.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Z900NED8.txt [ /a1.interclick.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\GTILHMKL.txt [ /px.steelhousemedia.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\JI9ID1GE.txt [ /zedo.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\CGY4DIEZ.txt [ /atdmt.com ]
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\2T1VYSPH.txt [ /advertising.com ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\PF8V1RYR.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\8CU2R1PV.txt [ Cookie:ie [email protected]/cgi-bin ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\HRID6H9I.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\6M9P7QDC.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\NGNMPNKK.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\2X5ZZZQK.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\E6LA4ETB.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\DXPCOE0M.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\00VGDRSF.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\EG8VA43E.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\QDM5XWKS.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\S7MR0YPE.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\AppData\Roaming\Microsoft\Windows\Cookies\Low\DI6HXU79.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\TQRB0WZS.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\PTECFUDQ.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\C86YIW4O.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\31VTVVWB.txt [ Cookie:ie [email protected]/cgi-bin ]
C:\USERS\IE NET\Cookies\5FSV0LL1.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\ZC9MLG75.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\1MYEXA1W.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\GI5CKK16.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\H036C7O4.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\80AENY8L.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\OJPEB4NW.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\XRUP0CAM.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\KQ1Q961X.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\OG63EKJF.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\Z900NED8.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\CGY4DIEZ.txt [ Cookie:ie [email protected]/ ]
C:\USERS\IE NET\Cookies\2T1VYSPH.txt [ Cookie:ie [email protected]/ ]

Trace.Known Threat Sources
C:\USERS\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP43PQZG\chunkCAQK312D.js [ cache:safewebnavigate ]
C:\USERS\IE NET\Local Settings\Temporary Internet Files\Content.IE5\OP43PQZG\chunkCAQK312D.js [ cache:safewebnavigate ]
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Diedre,
Let's remove some bad stuff and see where we stand afterwards.
First, I see that you have at least 2 programs that promise to fix or repair your computer -
  • PCPitstop
  • SpeedyPC
These programs are pretty much registry "cleaners" or "boosters" and are worthless. At best they will do nothing, and at worst they can break your computer to the point of it not booting. I would stay far away from these.
I notice that you have or had one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • Azureus - might be called Vuze
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.

Note: Temporarily disable WinPatrol (so it will not hinder the custom OTL fix below; it will automatically start after the system reboot):

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\CodecCheck\firefox [2011/11/17 17:28:49 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - Startup: C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk = C:\Users\IE NET\AppData\Local\Temp\_uninst_55405276.bat ()
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:06C5B98F
    :commands
    [emptytemp]
    [Reboot]
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Once again,
Temporarily disable WinPatrol (so it will not hinder ADWCleaner below; it will automatically start after the system reboot):

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 3
I would like you to start Chrome and click on the Chrome Menu Icon on the browser toolbar
Click Tools
Select Extensions
Click on the Trash Can icon by any extensions that say Codec-V
When asked to confirm click on Remove

Step 4
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL fix log
  • ADWCleaner log
  • New Custom OTL scan log
  • Did you find the codec-v extension in Chrome?
  • How is the computer running at this point?

Just another note: I will probably be unavailable for the rest of today, Tuesday, but don't worry, I will be available on Wednesday and for the rest of the week.
  • 0
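The entries pasted into the Step 1 fix above all share one line shape (O3, O4, O16, FF and @Alternate Data Stream entries). As an added example that is not code from this thread, from OTL or from its author, the following Python parses lines of that shape and flags the same kinds of entries the fix above removes; the triage rules are assumptions modelled on that fix, and the sample lines are constructed with a placeholder user name, placeholder URLs and some placeholder GUIDs.

```python
"""Triage OTL scan entries the way a malware-removal helper does by hand.

Added example: not code from the thread, from OTL or from OldTimer. The line
shapes (O3, O4, O16, FF, @Alternate Data Stream) follow the entries quoted in
Step 1; the triage rules below are assumptions modelled on what that fix
removed, and the sample lines are constructed with a placeholder user name,
placeholder URLs and some placeholder GUIDs.
"""
import re
from dataclasses import dataclass

# Every OTL entry is "<kind> - <body>"; ADS entries use the "@Alternate Data
# Stream" kind and carry "<size> -> <path>" in the body.
ENTRY_RE = re.compile(
    r"^(?P<kind>O\d+|FF|IE|@Alternate Data Stream)\s*-\s*(?P<body>.+)$"
)

# Constructed sample input (placeholder user, URLs, and two placeholder GUIDs).
SAMPLE_OTL_LINES = r"""
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sample-addon@example.invalid: C:\ProgramData\CodecCheck\firefox [2011/11/17 17:28:49 | 000,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vendor Toolbar) - {11111111-2222-3333-4444-555555555555} - C:\Program Files (x86)\Vendor\toolbar.dll (Vendor Inc.)
O4 - Startup: C:\Users\someuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk = C:\Users\someuser\AppData\Local\Temp\_uninst_55405276.bat ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://example.invalid/jinstall.cab (Reg Error: Value error.)
O16 - DPF: {66666666-7777-8888-9999-000000000000} http://example.invalid/viewer.cab (Viewer Control)
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:06C5B98F
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # OTL entry kind, e.g. "O3"
    reason: str  # why a helper would remove it
    line: str    # the entry verbatim, ready to paste into an OTL fix


def parse_entry(line):
    """Split one OTL line into (kind, body); None if it is not an OTL entry."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def triage_line(line):
    """Apply the (assumed) removal heuristics to one line."""
    line = line.strip()
    parsed = parse_entry(line)
    if parsed is None:
        return None
    kind, body = parsed
    if kind == "O3" and "No CLSID value found" in body:
        return Finding(kind, "orphaned toolbar entry: its CLSID is no longer registered", line)
    if kind == "O16" and "(Reg Error:" in body:
        return Finding(kind, "ActiveX download record with broken registry data", line)
    if kind == "O4" and re.search(r"\\AppData\\Local\\Temp\\", body, re.IGNORECASE):
        return Finding(kind, "startup item that launches a file from a temp folder", line)
    if kind == "@Alternate Data Stream":
        return Finding(kind, "alternate data stream hiding data on a folder or file", line)
    if kind == "FF" and re.search(r": [A-Z]:\\ProgramData\\", body, re.IGNORECASE):
        return Finding(kind, "Firefox extension registered machine-wide from ProgramData", line)
    return None  # nothing in the heuristics objects to this entry


def triage(text):
    """Run triage_line over a whole log and keep only the hits, in log order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def summarize(findings):
    """Count findings per entry kind."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


def build_fix_script(findings):
    """Lay the hits out in the script shape the helper pasted into OTL:
    restore point first, entries verbatim, temp cleanup and reboot last."""
    lines = [":commands", "[createrestorepoint]", ":OTL"]
    lines += [f.line for f in findings]
    lines += [":commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_LINES)
    for f in hits:
        print(f"{f.kind:>22}  {f.reason}")
    print(summarize(hits))
    print(build_fix_script(hits))
```

The two constructed benign entries (the vendor toolbar with a live CLSID path and the DPF record without a registry error) pass through untouched, which is the point of reading the whole line rather than just its kind.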

#5
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Crowbar,

Do you think I don't have a virus but my pc has had things deleted by a "registry cleaner" that shouldn't have been deleted?

Yes I did find the codec-v extension in Chrome and I removed it.

My computer is running the same, except I'm using Chrome now instead of IE9, which was freezing so badly that I avoid using it except to find my favorites to add to Chrome. Chrome performs better, but it too freezes way too much. I had a problem getting Outlook to open today, but I eventually got it to open.

The programs you mentioned are pieces of programs I deleted a while ago. I had Vuze on my pc for about one day before all [bleep] broke loose, and I immediately deleted it. I do still have Tuneup Utilities 2013, which has a registry cleaner which I have turned off but haven't deleted yet.

I would like help deleting these.

PCPitstop
SpeedyPC
Azureus - might be called Vuze

OTL Fix Log

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
C:\ProgramData\CodecCheck\firefox\skin folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale\en-US folder moved successfully.
C:\ProgramData\CodecCheck\firefox\locale folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults\preferences folder moved successfully.
C:\ProgramData\CodecCheck\firefox\defaults folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox\Images folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib\facebox folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content\lib folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome\content folder moved successfully.
C:\ProgramData\CodecCheck\firefox\chrome folder moved successfully.
C:\ProgramData\CodecCheck\firefox folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{652853ad-5592-4231-88c6-706613a52e61} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{652853ad-5592-4231-88c6-706613a52e61}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_55405276.lnk moved successfully.
File C:\Users\IE NET\AppData\Local\Temp\_uninst_55405276.bat not found.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:06C5B98F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BRIAN1221

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: home1234
->Temp folder emptied: 793888540 bytes
->Temporary Internet Files folder emptied: 66496648 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1687 bytes

User: IE NET
->Temp folder emptied: 4829549184 bytes
->Temporary Internet Files folder emptied: 397636055 bytes
->Java cache emptied: 9732831 bytes
->FireFox cache emptied: 77466540 bytes
->Google Chrome cache emptied: 93756655 bytes
->Flash cache emptied: 15232227 bytes

User: Public

User: SingleClick Admin
->Temp folder emptied: 21938601 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11495650 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
RecycleBin emptied: 197556324 bytes

Total Files Cleaned = 6,213.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11062012_181028

Files\Folders moved on Reboot...
C:\Users\IE NET\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YN90F2QQ\follow_button.1351848862[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YN90F2QQ\hub[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLV53F38\msn_com[2].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BLV53F38\sck[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5SFITLJL\hub[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WMYVG2H\142[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WMYVG2H\7407185e[1].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WMYVG2H\like[2].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WMYVG2H\sck[2].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3WMYVG2H\xd_arbiter[5].htm moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



ADWCleaner Log

# AdwCleaner v2.007 - Logfile created 11/07/2012 at 13:38:03
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : IE NET - HOME1234-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\IE NET\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\AGI
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\ProgramData\AGI
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\IE NET\AppData\Local\Conduit
Folder Deleted : C:\Users\IE NET\AppData\LocalLow\AGI
Folder Deleted : C:\Users\IE NET\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\IE NET\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\IE NET\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\IE NET\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\bflixtoolbar
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default-1352143406514 [Profil par défaut]
File : C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\6t79x38f.default-1352143406514\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5722 octets] - [04/11/2012 13:09:59]
AdwCleaner[R2].txt - [5782 octets] - [04/11/2012 13:16:00]
AdwCleaner[R3].txt - [5518 octets] - [07/11/2012 13:34:38]
AdwCleaner[R4].txt - [5578 octets] - [07/11/2012 13:37:25]
AdwCleaner[R5].txt - [5638 octets] - [07/11/2012 13:37:37]
AdwCleaner[S1].txt - [5433 octets] - [07/11/2012 13:38:03]

########## EOF - C:\AdwCleaner[S1].txt - [5493 octets] ##########


New Custom OTL scan log


OTL logfile created on: 11/7/2012 1:46:27 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\IE NET\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 79.59% Memory free
5.98 Gb Paging File | 5.39 Gb Available in Paging File | 90.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 65.46 Gb Free Space | 43.95% Space Free | Partition Type: NTFS

Computer Name: HOME1234-PC | User Name: IE NET | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/03 13:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/19 05:10:54 | 000,037,216 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 18:01:46 | 001,052,328 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/04/20 11:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2012/11/05 22:38:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/31 09:11:57 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012/10/24 12:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/19 05:10:58 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/09/19 05:10:54 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/23 11:31:06 | 000,031,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/20 11:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/07 13:24:29 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/11/02 16:20:05 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\55405276.sys -- (55405276)
DRV:64bit: - [2012/10/31 09:15:59 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/08/17 04:13:21 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\43119978.sys -- (43119978)
DRV:64bit: - [2011/08/16 00:13:38 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\92998438.sys -- (92998438)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/07 15:40:06 | 000,716,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/03 03:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/01/03 03:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/01/03 03:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2010/12/21 00:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/08/18 08:53:38 | 000,038,768 | ---- | M] (IMFirewall Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\imnpf.sys -- (IMNPF)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/06/30 00:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/12/26 02:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)
DRV - [2012/08/29 15:42:28 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {194A21F1-2142-45A7-8A4D-3C0B1A2B4043}
IE - HKCU\..\SearchScopes\{194A21F1-2142-45A7-8A4D-3C0B1A2B4043}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 00:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 00:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/11/01 00:13:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/01 00:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/11/02 20:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/11/02 20:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/11/04 16:27:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/02 17:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/02 17:59:02 | 000,000,000 | ---D | M]

[2012/11/02 17:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Extensions
[2012/07/19 18:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/07/19 18:44:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/05/09 18:11:03 | 000,086,818 | ---- | M] () (No name found) -- C:\Users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/11/02 17:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Web Video Downloader = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfhanhcjmgjnbpjfopldmnabimhmcmp\3.0.0.0_0\
CHR - Extension: Google Search = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtual Keyboard = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: FVD Video Downloader = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.9_0\
CHR - Extension: Cath Kidston = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [iDailyDiary] C:\iDailyDiary\iDD.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\IE NET\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5837953-A1AE-4CDC-BDB3-26E6A8C8906C}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dd4aea0d-2efc-11e1-90b6-0025118a17d9}\Shell - "" = AutoRun
O33 - MountPoints2\{dd4aea0d-2efc-11e1-90b6-0025118a17d9}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2012/11/06 23:47:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/11/06 18:10:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/06 06:34:55 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/11/05 14:23:32 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Desktop\Old Firefox Data
[2012/11/04 16:30:17 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\DDMSettings
[2012/11/03 13:59:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/03 12:55:51 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\QuickScan
[2012/11/02 17:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/11/02 17:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/11/02 17:39:25 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Macromedia
[2012/11/02 17:18:56 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\Mozilla
[2012/11/02 17:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/02 17:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/02 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/11/02 13:16:08 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\WinPatrol
[2012/11/02 13:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/11/02 13:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/11/02 13:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/11/02 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/02 09:33:51 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55405276.sys
[2012/11/01 22:19:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%Report%
[2012/11/01 16:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/01 13:31:06 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\Malwarebytes
[2012/11/01 13:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/01 13:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/01 13:29:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/01 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/01 10:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/31 23:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2012/10/31 23:12:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2012/10/31 23:12:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/31 22:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/10/31 20:47:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/10/31 18:30:35 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\SUPERAntiSpyware.com
[2012/10/31 18:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/10/31 18:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/10/31 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\SRM
[2012/10/31 15:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/10/31 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2012/10/31 15:15:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\SlimWare Utilities Inc
[2012/10/30 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\GetRightToGo
[2012/10/30 16:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/10/30 16:43:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/10/30 13:54:26 | 000,000,000 | ---D | C] -- C:\ldiag
[2012/10/30 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2012/10/30 13:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2012/10/30 13:37:43 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\LSC
[2012/10/30 13:28:27 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Roaming\LSC
[2012/10/30 13:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012/10/30 11:49:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2012/10/29 21:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/10/29 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/10/27 09:45:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/26 15:11:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP
[2012/10/25 21:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012/10/25 18:49:09 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/10/20 14:53:37 | 207,326,032 | ---- | C] (Kaspersky Lab) -- C:\Users\IE NET\Desktop\KasperskyPURE12.0.1.288en-US-FB.exe
[2012/10/11 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\IE NET\AppData\Local\CrashRpt
[2012/10/11 09:11:20 | 000,000,000 | ---D | C] -- C:\Users\IE NET\Documents\Smile
[2012/10/11 09:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webshots
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/07 13:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/07 13:33:18 | 000,541,569 | ---- | M] () -- C:\Users\IE NET\Desktop\AdwCleaner.exe
[2012/11/07 13:26:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/07 13:24:56 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/11/07 13:24:29 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/11/07 13:24:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/07 13:16:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/07 12:16:18 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/07 12:16:18 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/06 21:54:53 | 738,812,910 | ---- | M] () -- C:\Users\IE NET\Desktop\Total_Recall_2012___XviD-HELLRAZ0R.avi
[2012/11/06 20:53:47 | 000,880,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/06 20:53:47 | 000,734,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/06 20:53:47 | 000,146,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/06 14:11:39 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012/11/06 13:14:37 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012/11/06 00:01:49 | 000,840,470 | ---- | M] () -- C:\Users\IE NET\AppData\Local\census.cache
[2012/11/06 00:01:40 | 000,109,482 | ---- | M] () -- C:\Users\IE NET\AppData\Local\ars.cache
[2012/11/05 23:53:55 | 000,000,036 | ---- | M] () -- C:\Users\IE NET\AppData\Local\housecall.guid.cache
[2012/11/04 20:09:35 | 000,001,140 | ---- | M] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/11/03 13:59:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\IE NET\Desktop\OTL.exe
[2012/11/02 16:20:05 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\55405276.sys
[2012/11/01 22:31:59 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/01 22:18:56 | 000,415,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/01 21:32:21 | 000,000,017 | ---- | M] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg
[2012/10/31 09:15:59 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/10/27 16:34:01 | 000,020,592 | ---- | M] () -- C:\bootsqm.dat
[2012/10/25 15:39:04 | 000,011,776 | ---- | M] () -- C:\Users\IE NET\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/20 14:59:36 | 207,326,032 | ---- | M] (Kaspersky Lab) -- C:\Users\IE NET\Desktop\KasperskyPURE12.0.1.288en-US-FB.exe
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[14 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/07 13:33:07 | 000,541,569 | ---- | C] () -- C:\Users\IE NET\Desktop\AdwCleaner.exe
[2012/11/06 22:00:02 | 738,812,910 | ---- | C] () -- C:\Users\IE NET\Desktop\Total_Recall_2012___XviD-HELLRAZ0R.avi
[2012/11/06 14:11:39 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012/11/06 00:01:49 | 000,840,470 | ---- | C] () -- C:\Users\IE NET\AppData\Local\census.cache
[2012/11/06 00:01:40 | 000,109,482 | ---- | C] () -- C:\Users\IE NET\AppData\Local\ars.cache
[2012/11/05 23:53:55 | 000,000,036 | ---- | C] () -- C:\Users\IE NET\AppData\Local\housecall.guid.cache
[2012/11/02 17:32:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/02 17:18:37 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/11/01 22:26:55 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
[2012/11/01 22:18:45 | 000,415,208 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/01 21:32:21 | 000,000,017 | ---- | C] () -- C:\Users\IE NET\AppData\Local\resmon.resmoncfg
[2012/11/01 10:11:10 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012/10/31 23:13:10 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2012/10/31 23:12:55 | 000,015,712 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2012/10/27 16:34:01 | 000,020,592 | ---- | C] () -- C:\bootsqm.dat
[2012/10/25 18:49:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/10/24 15:11:15 | 000,001,140 | ---- | C] () -- C:\Users\IE NET\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2012/10/24 15:11:15 | 000,001,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webshots Desktop.lnk
[2012/05/09 18:12:06 | 000,000,125 | ---- | C] () -- C:\Windows\wininit.ini
[2012/01/23 12:57:54 | 000,060,304 | ---- | C] () -- C:\Users\IE NET\g2mdlhlpx.exe
[2011/09/06 21:12:22 | 000,017,408 | ---- | C] () -- C:\Users\IE NET\AppData\Local\WebpageIcons.db
[2011/08/06 12:32:52 | 000,011,776 | ---- | C] () -- C:\Users\IE NET\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/14 13:04:00 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblinpa.dll
[2011/05/14 13:04:00 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxblcomx.dll
[2011/05/14 13:04:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBLinst.dll
[2011/05/14 13:03:59 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpmui.dll
[2011/05/14 13:03:59 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbliesc.dll
[2011/05/14 13:03:57 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblusb1.dll
[2011/05/14 13:03:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblserv.dll
[2011/05/14 13:03:56 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblppls.exe
[2011/05/14 13:03:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblprox.dll
[2011/05/14 13:03:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbllmpm.dll
[2011/05/14 13:03:55 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblih.exe
[2011/05/14 13:03:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpplc.dll
[2011/05/14 13:03:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblhbn3.dll
[2011/05/14 13:03:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomc.dll
[2011/05/14 13:03:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcoms.exe
[2011/05/14 13:03:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomm.dll
[2011/05/14 13:03:52 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcfg.exe
[2011/04/30 21:01:41 | 000,001,481 | ---- | C] () -- C:\Users\IE NET\.recently-used.xbel
[2011/03/30 11:28:26 | 000,874,552 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/22 19:09:24 | 000,000,114 | -H-- | C] () -- C:\Users\IE NET\AppData\Local\tokdet56.dat
[2011/03/13 18:55:40 | 000,000,632 | RHS- | C] () -- C:\Users\IE NET\ntuser.pol
[2011/03/07 15:40:34 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe
[2011/03/07 15:40:33 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/19 11:50:04 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\.jbwmdesktop
[2011/08/22 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\AlauxSoft
[2012/04/14 22:51:31 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\AnvSoft
[2011/10/18 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Azureus
[2011/11/19 11:50:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\bwm
[2011/12/25 13:28:35 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\com.kodakgallery.AirUploader
[2011/11/20 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DriverCure
[2012/07/19 18:44:57 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DVDVideoSoft
[2012/07/19 18:44:44 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/11/27 18:31:44 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\FreeFileViewer
[2012/04/14 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\GetGo Software
[2012/10/30 22:43:57 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\GetRightToGo
[2011/10/18 15:52:52 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\gtk-2.0
[2012/10/30 13:28:27 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\LSC
[2011/08/30 10:53:32 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\MechCAD
[2012/11/03 12:55:56 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\QuickScan
[2011/05/01 18:59:15 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\ReliSimple
[2012/10/31 20:58:30 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\SanDisk
[2011/12/25 13:48:50 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Skinux
[2011/11/20 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\SpeedyPC Software
[2012/11/05 18:04:35 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Spotify
[2012/10/07 23:08:47 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\TuneUp Software
[2012/10/24 15:11:22 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\Webshots
[2012/11/02 13:17:53 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\WinPatrol
[2012/07/13 11:07:40 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\WinZip
[2012/06/03 12:44:34 | 000,000,000 | -HSD | M] -- C:\Users\IE NET\AppData\Roaming\wyUpdate AU
[2012/07/14 12:15:11 | 000,000,000 | ---D | M] -- C:\Users\IE NET\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 08:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 00:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 23:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 08:27:22 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.HTML >
[2008/04/16 11:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.TICO >
[2009/09/25 13:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2013\data\services.tico

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< End of report >
  • 0
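A way to read the `< MD5 for: ... >` sections of that OTL log automatically, as an added example that is not part of the thread and not OTL's own code: it compares each live System32 (SysNative) or SysWOW64 copy with the WinSxS copy of the same architecture and flags copies outside C:\Windows. The embedded sample reuses the svchost.exe and userinit.exe lines from the log plus one constructed mismatch line.

```python
"""Triage helper for the "< MD5 for: FILE >" sections of an OTL log.

Added example: not part of the thread and not OTL's own code. OTL lists every
copy of a sensitive system file with its MD5, so the live copy under System32
(shown as SysNative) or SysWOW64 can be compared with the WinSxS copy of the
same architecture; a mismatch means the live file was replaced or patched.
"""
import re
from collections import defaultdict

# One OTL listing line: [date time | size | attrs | M] (company) MD5=HEX -- path
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")

def parse_otl_md5(text):
    """Return {filename: [entries]} from the MD5 sections of an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = LINE_RE.match(line)
        if m and current:
            sections[current].append({
                "md5": m.group("md5").upper(),
                "path": m.group("path").strip(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
            })
    return sections

def arch_of(path):
    """amd64 for System32/SysNative and amd64_* WinSxS copies, x86 for SysWOW64/x86_*."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p or "\\sysnative\\" in p or "\\system32\\" in p:
        return "amd64"
    if "\\winsxs\\x86_" in p or "\\syswow64\\" in p:
        return "x86"
    return None

def is_winsxs_copy(path):
    return "\\winsxs\\" in path.lower()

def is_live_copy(path):
    p = path.lower()
    return not is_winsxs_copy(p) and any(
        d in p for d in ("\\sysnative\\", "\\system32\\", "\\syswow64\\"))

def triage(sections):
    """Return (filename, kind, path) findings for every MD5 section."""
    findings = []
    for name, entries in sections.items():
        # Every WinSxS copy of an architecture is an acceptable reference hash
        # (several versions may be staged, e.g. 6.1.7600 and 6.1.7601).
        backups = defaultdict(set)
        for e in entries:
            if is_winsxs_copy(e["path"]):
                backups[arch_of(e["path"])].add(e["md5"])
        for e in entries:
            path = e["path"]
            if not path.lower().startswith("c:\\windows\\"):
                findings.append((name, "outside-windows", path))
            elif is_live_copy(path):
                ref = backups.get(arch_of(path), set())
                if ref and e["md5"] not in ref:
                    findings.append((name, "md5-mismatch-vs-winsxs", path))
    return findings

# Constructed sample: the svchost.exe lines are copied from the log above; the
# userinit.exe SysNative line is constructed (all-zero MD5, blank company) to
# stand in for a patched file.
SAMPLE = r"""
< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2012/10/27 09:00:00 | 000,030,720 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
"""

def triage_sample():
    """Run the triage over the embedded sample; expect the Chameleon decoy and the patched userinit."""
    return triage(parse_otl_md5(SAMPLE))
```

The Malwarebytes Chameleon copy it reports is a legitimate decoy shipped by that product, which is why an "outside-windows" hit is a prompt to look, not a verdict.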

#6
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Diedre,
You had an infection called Zbot, or Zeus. This one likes to try and steal your online banking info. I recommend that you go to a clean computer and change your passwords to any financial sites that you use, as a precaution.
Some of your issues might be from using registry cleaners, and I will check for that once I am sure we removed all the adware and malware from your computer. :)
As for the Tuneup utility that you have, I would not use it myself. I recommend using a program we have available here called TFC that can delete your temporary files without touching your registry. Best thing about it is that it's free, but the author does accept donations.
I will remove the traces of these 3 programs that you have uninstalled:
PCPitstop
SpeedyPC
Azureus - might be called Vuze
and feel free to remove TuneUp Utilities if you want to, but at the very least, don't use its registry "cleaning" feature.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.

Temporarily disable WinPatrol (so it will not hinder the custom OTL fix below; it will automatically start after the system reboot):

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :files
    C:\Users\IE NET\AppData\Roaming\Azureus
    C:\ProgramData\PCPitstop
    C:\Users\IE NET\AppData\Roaming\DriverCure
    C:\Users\IE NET\AppData\Roaming\SpeedyPC Software
    
  • Then click the Run Fix button at the top
  • Post the log it produces in your next reply.

Step 2
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Double click the box next to file to scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\Users\IE NET\AppData\Local\tokdet56.dat
  • Click on the submit file button
  • Please post the results in your next reply.

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 4
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 5
Is Internet Explorer still freezing up? If so, please start it up without add-ons.
Here is how to do that --
Click the Start Orb
Click on All Programs
Click on Accessories
Click on System Tools
Click on Internet Explorer (No Add-ons)
Surf around to your usual places and see if it misbehaves at all.

In your next reply I would like to see:
  • OTL fix log
  • Jotti virus scan info
  • RogueKiller log
  • FSS.txt farbar's service scan log
  • Results of internet explorer without add-ons

  • 0

#7
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi Crowbar,

The OTL fix log is saying "not found" because I didn't save the first log I received in Notepad to the desktop, so the RSS log replaced it, so I got another log.

I did turn off add-ons and I opened IE9, but I want to send this post before Chrome and/or IE9 has a chance to crash and I have to assemble this post again. I have turned off add-ons a couple of times and reset IE9 a couple of times, and it still locks up. I have been getting a lot of Shockwave Flash errors and a Java error. Since my malware issue started, I have been getting an error that one of my USB Composite Devices is having an identity crisis and is now an Unknown Device and says it has an updated driver.

I did run MBAM last night and it found Heuristics.Reserved.Word.Exploit in C:\Users\IE NET\AppData\Local\Temp\services.exe.mui and it is now in quarantine.


OTL fix log

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder C:\Users\IE NET\AppData\Roaming\Azureus not found.
File\Folder C:\ProgramData\PCPitstop not found.
File\Folder C:\Users\IE NET\AppData\Roaming\DriverCure not found.
File\Folder C:\Users\IE NET\AppData\Roaming\SpeedyPC Software not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11092012_114111


 Jotti virus scan info


Jotti's malware scan
Filename: tokdet56.dat
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Fri 9 Nov 2012 17:20:28 (CET) Permalink

Additional info
File size: 114 bytes
Filetype: Hitachi SH big-endian COFF object, not stripped
MD5: b8a73c837915df08879e80b6e3c61414
SHA1: bf43ad9264e85e4af7850e4b7f0a980ccc8792f7




Scanners

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-08 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing

2012-11-09 Found nothing


 
RogueKiller log


RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : IE NET [Admin rights]
Mode : Scan -- Date : 11/09/2012 11:29:48

¤¤¤ Bad processes : 1 ¤¤¤

¤¤¤ Registry Entries : 78 ¤¤¤
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\43119978 (C:\Windows\system32\DRIVERS\43119978.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\55405276 (C:\Windows\system32\DRIVERS\55405276.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\92998438 (C:\Windows\system32\DRIVERS\92998438.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\43119978 (C:\Windows\system32\DRIVERS\43119978.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\55405276 (C:\Windows\system32\DRIVERS\55405276.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\92998438 (C:\Windows\system32\DRIVERS\92998438.sys) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4729 : wscript.exe C:\Users\IENET~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] {021CDEEF-B76B-4DFC-A068-D6CF4D63398F} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {06015A05-83E4-4928-A4DE-D9AAAB72F731} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {07F0D53F-7BCB-4E15-B56A-6A8590C6DADB} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {0C9A65B0-1124-4317-97A4-CFD8FD47F968} : C:\Users\IE NET\Desktop\New folder\Lexmark\cjsZ700-P700EN.exe -> FOUND
[TASK][SUSP PATH] {1C053976-B1EA-4C2D-BC4C-8E00B21759BE} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {1EE2DE7C-A51F-4E51-B827-1408A0E0E122} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {25E5AC66-42A2-4D7F-81C6-097DF444657B} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {28C973B3-B165-44C3-8A27-6E4C1A89DD73} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {2E314F30-CED6-415B-B595-6D8A71C85F8B} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {39379AA5-ED78-4E93-8F4C-348F28EAF623} : C:\Users\IE NET\Desktop\New folder\Lexmark\cjsZ700-P700EN.exe -> FOUND
[TASK][SUSP PATH] {395A75B8-0603-4003-A2DF-4FB069F85596} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {3E66A25C-1CAD-447F-AC4D-7B1680B217A5} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {40EEABAA-34DF-4F20-933D-039C762B1A25} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {45875D26-CEDF-4A38-B7DF-93142A59F1EA} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {4961D8AB-FE17-4F9E-B94E-78628A5DF6EA} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {4DD44378-D66F-41C0-8519-BC7DDADA9364} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {512B705F-2FD6-4FFA-87AD-2BE31A464045} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {5663D31C-D2F6-4858-8D6A-D7AA9C6AD760} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {5822A566-1507-4D8C-A49E-1EAC098A9149} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {59E8DBE5-2184-4742-9F65-DAB0B74423A8} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {5B57B312-CEDB-404C-8AD0-D66129CC77A8} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {5EDBD31F-99F3-46F5-BCB3-CA5920529EE0} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {6053A2C9-7DE2-4D71-8DCF-FE944D0F0CE5} : C:\Users\IE NET\Desktop\New folder\Lexmark\CJB700EN.exe -> FOUND
[TASK][SUSP PATH] {62AAAA57-B8B4-4066-97FD-51A91504D69F} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {663DD190-E4F2-4CC2-86AF-F146FC9BCED7} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {6EC2C846-70E3-4088-8290-FD664E221721} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {7036DE31-BB7F-428B-AF90-E312BD17EF31} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {743032AA-1CE9-4089-8B6E-42FB7B440635} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {748EB940-E289-4DE4-94F5-B64BCD8AC0AE} : C:\Users\IE NET\Desktop\New folder\Lexmark\CJB700EN.exe -> FOUND
[TASK][SUSP PATH] {769A16EF-1AFE-415E-B226-58E293CFB88A} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {7756E7A1-3C10-4332-ADBE-907D63BDB4DA} : C:\Users\IE NET\Desktop\New folder\Lexmark\cjsZ700-P700EN.exe -> FOUND
[TASK][SUSP PATH] {7995083E-F12B-4E66-AA6E-5D0F4670EA3E} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {7B8A3A50-65C4-4782-B8DF-35BB4FF3A9E9} : C:\Users\IE NET\Desktop\New folder\Lexmark\cjsZ700-P700EN_Vista 64.exe -> FOUND
[TASK][SUSP PATH] {7D793715-A3AE-4CB1-8E34-835D78EF56B6} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {7FF68868-882B-429E-8BFF-21291F396DE4} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {85ECEAED-74D6-4A63-BAD3-A234CCFEEB94} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {8B194ED2-BE5E-4685-A69D-63FB60A6A138} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {8DDAE179-8FF4-4F85-9A6B-D3652B3EC909} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {96536BF7-66A5-4BA9-9F94-9E4301BFE4C8} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {99838A12-B1CA-405A-8D8B-4FC8EB6FDC20} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {9BC36FB5-E0DA-4833-B69A-493507CBAFD9} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {9D12AF1E-3401-4519-9B9F-2F10BE0262E3} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {A1C8A04F-0283-4025-BE16-B302C70ADA19} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {A479C45E-C365-46D1-AA23-D6B81A31D106} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {A8B924D5-5F9F-4010-B61C-2F61AB47C8D0} : C:\Users\IE NET\Desktop\New folder\Lexmark\CJB700EN.exe -> FOUND
[TASK][SUSP PATH] {AE85570B-589B-42FB-B34B-2DC94AD87433} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {B34DA68C-A3BB-475D-AFBD-4AB147533F95} : C:\Users\IE NET\Desktop\New folder\Lexmark\CJB700EN.exe -> FOUND
[TASK][SUSP PATH] {B46F15DA-05BD-4365-ADF1-D9537121B863} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {B9F733CB-3262-4D2C-92FC-D3B66427DB56} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {BBCB5C8F-93D5-4D1C-8152-773E5A4C3154} : C:\Users\IE NET\Desktop\New folder\Lexmark\CJB700EN.exe -> FOUND
[TASK][SUSP PATH] {BBD4B6D1-EAF9-4BE0-89F3-B5A58689E62B} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {C8B208CA-0BF6-426C-BBBD-EB60DD8EA1C5} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {CA7B274E-2E42-4FFA-8FFF-94BCB7909D86} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {CCE46F26-A88C-4D2A-835D-AB125E82FAB2} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {CF1A4EBA-DC3A-45DA-8EDD-D31B4A4505A8} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {D2882FBF-A608-4E7B-8097-A7C6BDF75982} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {DC34D188-733A-4F92-8587-5406C9DF075B} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {DD03EB98-7008-46C0-A9A7-C5427B374079} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {E2EB3B30-5D13-4BD3-B1DD-D60627F71181} : C:\Users\IE NET\Desktop\New folder\Lexmark\cjsZ700-P700EN_Vista 64.exe -> FOUND
[TASK][SUSP PATH] {EB0ACF28-01FC-4126-B30A-A05D9089915F} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {EC0B0C06-F93F-4810-BA5F-680638358256} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {F5695BCC-C576-46DF-89E1-0FDF6FEA6C43} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {F5DBCD6C-69E7-4EEF-8D12-BDCC970A40EA} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {F9B3C311-4B38-4DEE-A6A5-F3B00F4515E0} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {FBCDF4DC-38CF-4CBE-81C5-4C1ADA7B2A69} : C:\Users\IE NET\Desktop\New folder\Taxes\Home Cooking\homecook.exe -> FOUND
[TASK][SUSP PATH] {FE0B99C3-669C-4F70-9B64-2799238BDF41} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1600AAJS-22PSA0 ATA Device +++++
--- User ---
[MBR] 52bd972fb795fadf734056a3d6be6d6d
[BSP] 0c9aac1b823400b1a75d30acac1ca8d0 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11092012_02d1129.txt >>
RKreport[1]_S_11092012_02d1129.txt



FSS.txt farbar's service scan log

Farbar Service Scanner Version: 09-11-2012
Ran by IE NET (administrator) on 09-11-2012 at 11:33:04
Running from "C:\Users\IE NET\Downloads"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
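The RogueKiller "Registry Entries" section above is easier to act on once the findings are ranked. As an added example that is not part of the thread and not RogueKiller's own code, the script below classifies each FOUND line with an assumed severity scheme and collapses the dozens of repeated Desktop-installer tasks; the embedded sample is built from lines copied from that report.

```python
"""Triage of a RogueKiller "Registry Entries" section.

Added example; not part of the thread and not RogueKiller's own code. The
report above mixes a few real persistence findings (numeric-named driver
services, a scheduled task running wscript.exe on a .vbs under Temp) with
dozens of [SUSP PATH] tasks that only point at installers kept on the user's
Desktop. The severity labels here are an assumed ranking for a helper's eyes.
"""
import re

# [cat][flag] body -> FOUND ; single-bracket lines such as [DNS] have no flag
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\](?:\[(?P<flag>[^\]]+)\])?\s*(?P<body>.+?)\s*->\s*FOUND$")
# Service whose name is digits only and whose image is DRIVERS\<same digits>.sys
NUMERIC_SERVICE_RE = re.compile(
    r"\\Services\\(?P<name>\d+)\s*\([^)]*\\DRIVERS\\(?P=name)\.sys\)", re.I)
# Scheduled task that runs a script host on something under a Temp directory
SCRIPT_FROM_TEMP_RE = re.compile(
    r"\b(wscript|cscript|mshta)\.exe\b.*\\temp\\", re.I)

def parse_entries(report):
    """Return [{'cat', 'flag', 'body'}] for every '... -> FOUND' line."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def classify(entry):
    """Map one entry to 'high', 'review' or 'low' (assumed scheme, not RogueKiller's)."""
    cat, body = entry["cat"], entry["body"]
    flag = entry["flag"] or ""
    if cat == "Services" and NUMERIC_SERVICE_RE.search(body):
        return "high"    # random numeric driver service: typical loader persistence
    if cat == "TASK" and SCRIPT_FROM_TEMP_RE.search(body):
        return "high"    # script host launched from a Temp folder by a scheduled task
    if cat == "DNS":
        return "review"  # non-default resolvers: confirm the user set them on purpose
    low = body.lower()
    if flag == "SUSP PATH" and "\\users\\" in low and "\\desktop\\" in low:
        return "low"     # task pointing at an installer the user keeps on the Desktop
    return "review"

def target_of(body):
    """The path or value after ' : ', or the whole body for service entries."""
    return body.split(" : ", 1)[-1]

def triage_report(report):
    """Return {'high': [...], 'review': [...], 'low': [...]} of deduplicated targets."""
    buckets = {"high": [], "review": [], "low": []}
    seen = set()
    for entry in parse_entries(report):
        sev = classify(entry)
        tgt = target_of(entry["body"])
        if (sev, tgt) not in seen:       # 70 tasks for one homecook.exe become one line
            seen.add((sev, tgt))
            buckets[sev].append(tgt)
    return buckets

# Constructed sample made of lines copied from the RogueKiller report above.
SAMPLE = r"""
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\43119978 (C:\Windows\system32\DRIVERS\43119978.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\43119978 (C:\Windows\system32\DRIVERS\43119978.sys) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4729 : wscript.exe C:\Users\IENET~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] {021CDEEF-B76B-4DFC-A068-D6CF4D63398F} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[TASK][SUSP PATH] {06015A05-83E4-4928-A4DE-D9AAAB72F731} : C:\Users\IE NET\Desktop\New folder\Home Cook\homecook.exe -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F} : NameServer (8.26.56.26,156.154.70.22) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
"""

def triage_sample():
    """Run the triage over the embedded sample."""
    return triage_report(SAMPLE)
```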

#8
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Diedre,
First thing, when you download any of the tools I am directing you towards, you have to download them to your desktop please :) . When asked to either save or run, do not select run, as that option will just download the tool into one of your temporary internet files folder. With IE 9 you will see a yellow box on the bottom of your browser, and from there you can pull down the Save button and choose Save As. This will let you choose to save the file to your desktop.
With chrome, you will see a box appear on the bottom of your browser after you click to download. There is a little pulldown icon on the right side of that box, click on it you will see an option to Show in Folder. You can select that option, the downloads folder will open and then you can copy and paste the tool to your desktop.

Step 1
Malwarebytes might be flagging that file services.exe.mui as a false positive, so I would like you to restore it from quarantine and then submit it to the online virus scan site as you did with the other file.
Please start Malwarebytes, go to the Quarantine tab, highlight the file services.exe.mui and click on the Restore button.
Then --
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Double click the box next to file to scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\Windows\SysNative\en-US\services.exe.mui
  • Click on the submit file button
  • Please post the results in your next reply.

Step 2
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

4. If necessary, re-enable your Anti-Virus program.

Step 3

Let's try to uninstall your Flash player, and Java, as I think those 2 issues are causing the problems with your browser
Download the Flash Uninstaller to your desktop.
Exit all browsers and other programs that use Flash
The uninstaller does not work if any programs that use Flash are running on your computer.
Look at the icons in the system tray for programs that run in the background. Examples include AOL Instant Messenger, Yahoo! Messenger, and games that use Flash (any file with a name that ends in .swf). If you see such an icon, right-click the icon and click Exit, if you are unsure if it uses flash, you can still close the program anyway.
Double-click the icon of the uninstaller that downloaded to your computer.
Follow the prompts. If you see the message "Do you want to allow the following program to make changes to this computer?," click Yes, or Continue.

After the uninstaller has run you will need to delete Flash player files and folders.
Click on the Start Orb and paste the following into the search box

C:\Windows\system32\Macromed\Flash

Delete all the files in that folder
Now paste this into the search box

C:\Windows\SysWOW64\Macromed\Flash

Delete all the files in there as well.
Next paste this into the search box:

%appdata%\Adobe\Flash Player

Delete all the files in there as well.
and finally paste this into the search box

%appdata%\Macromedia\Flash Player

and delete all the files in there.

Restart your computer, then go to this web page to check the status of the Flash player
You should not see the Flash movie, so follow the instructions in step 4 on that page.

Step 4
Uninstall Java -
Click on the Start Orb
Click on Control Panel
Click on Uninstall a Program
Select each version of Java you see in there and uninstall all of them.
Now go to this web page and download the Windows Offline (32-bit) link. Save that file to your desktop and double click it to start the installation.
After it installs you can verify that it is working properly by visiting this web page

In your next reply I would like to see:
  • Results from Jotti virus scan
  • Combofix log file
  • Are your browsers behaving now after re-installing Flash and Java?

  • 0

#9
Diedre

Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Step 1-Done

Services.exe.mui wasn't located in
C:\Windows\SysNative\en-US\services.exe.mui, it was located in C:\Users\IE NET\AppData\Local\Temp\services.exe.mui



Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.
________________________________________
Filename: services.exe.mui
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Wed 11 Jul 2012 10:27:24 (CET) Permalink


________________________________________
Additional info
File size: 17408 bytes
Filetype: PE32+ executable for MS Windows (DLL) (GUI)
MD5: 6507bf0dc2d1f5f32493c288eaa59277
SHA1: 6acbfc90f392748bdde10ce76a0176f8fa0523d3
Scanners
2012-07-11 Found nothing 2012-07-11 Found nothing
Scanner unavailable 2012-07-11 Found nothing
2012-07-10 Found nothing 2012-07-11 Found nothing
2012-07-11 Found nothing 2012-07-11 Found nothing
2012-07-11 Found nothing 2012-07-10 Found nothing
2012-07-10 Found nothing 2012-07-11 Found nothing
2012-07-11 Found nothing 2012-07-06 Found nothing
2012-07-11 Found nothing 2012-07-10 Found nothing
2012-07-10 Found nothing 2012-07-10 Found nothing
2012-07-10 Found nothing



Step 2-Done

ComboFix 12-11-10.01 - IE NET 11/11/2012 14:34:59.1.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2066 [GMT -5:00]
Running from: c:\users\IE NET\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1C49.tmp
c:\programdata\SPL3284.tmp
c:\programdata\SPL3892.tmp
c:\programdata\SPL5366.tmp
c:\programdata\SPL6614.tmp
c:\programdata\SPL6B83.tmp
c:\programdata\SPL6C7A.tmp
c:\programdata\SPL7BF3.tmp
c:\programdata\SPL8A46.tmp
c:\programdata\SPLB3E9.tmp
c:\programdata\SPLDA0F.tmp
c:\programdata\SPLE449.tmp
c:\programdata\SPLE551.tmp
c:\programdata\SPLFA67.tmp
c:\users\IE NET\AppData\Roaming\Microsoft\Windows\Recent\desktop_29506278.ico
c:\users\IE NET\g2mdlhlpx.exe
c:\windows\SysWow64\Packet.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-10-11 to 2012-11-11 )))))))))))))))))))))))))))))))
.
.
2012-11-11 19:40 . 2012-11-11 19:40 -------- d-----w- c:\users\SingleClick Admin\AppData\Local\temp
2012-11-11 19:40 . 2012-11-11 19:40 -------- d-----w- c:\users\home1234\AppData\Local\temp
2012-11-10 22:22 . 2012-11-10 22:22 -------- d-----w- c:\program files (x86)\RealNetworks
2012-11-10 22:19 . 2012-11-10 22:19 -------- d-----w- c:\programdata\RealNetworks
2012-11-10 21:51 . 2012-11-10 21:51 -------- d-----w- c:\users\IE NET\AppData\Local\DDMSettings
2012-11-10 21:13 . 2012-11-10 21:40 -------- d--h--w- c:\windows\AxInstSV
2012-11-10 17:54 . 2012-11-10 18:01 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-11-09 15:02 . 2012-11-09 15:02 -------- d-----w- c:\users\IE NET\AppData\Roaming\f-secure
2012-11-09 15:01 . 2012-11-09 15:01 -------- d-----w- c:\programdata\F-Secure
2012-11-09 14:44 . 2012-11-09 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-09 14:43 . 2012-11-09 14:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-08 22:32 . 2012-11-08 22:32 -------- d-----w- c:\program files\Defraggler
2012-11-08 03:04 . 2012-11-10 02:44 -------- d-----w- C:\found.000
2012-11-07 04:47 . 2012-11-07 04:47 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-06 23:10 . 2012-11-06 23:10 -------- dc----w- C:\_OTL
2012-11-06 19:11 . 2012-11-06 19:11 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-11-06 11:34 . 2012-11-06 16:49 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-11-03 17:55 . 2012-11-09 20:57 -------- d-----w- c:\users\IE NET\AppData\Roaming\QuickScan
2012-11-02 22:57 . 2012-11-10 21:25 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-11-02 22:39 . 2012-11-02 22:39 -------- d-----w- c:\users\IE NET\AppData\Local\Macromedia
2012-11-02 22:18 . 2012-11-02 22:18 -------- d-----w- c:\users\IE NET\AppData\Local\Mozilla
2012-11-02 22:18 . 2012-11-02 22:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-02 18:16 . 2012-11-02 18:17 -------- d-----w- c:\users\IE NET\AppData\Roaming\WinPatrol
2012-11-02 18:15 . 2012-11-02 18:15 -------- d-----w- c:\program files (x86)\BillP Studios
2012-11-02 18:11 . 2012-11-02 18:11 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-11-02 14:33 . 2012-11-02 21:20 460888 ----a-w- c:\windows\system32\drivers\55405276.sys
2012-11-02 03:19 . 2012-11-02 03:19 -------- d-----w- c:\windows\SysWow64\%Report%
2012-11-01 18:31 . 2012-11-01 18:31 -------- d-----w- c:\users\IE NET\AppData\Roaming\Malwarebytes
2012-11-01 18:29 . 2012-11-01 18:29 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 18:29 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 18:29 . 2012-11-01 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 15:06 . 2012-11-01 15:06 -------- d-----w- c:\program files (x86)\ESET
2012-11-01 13:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C186DC-CA03-4FE2-9CB8-E1592243AB1A}\mpengine.dll
2012-11-01 04:12 . 2012-11-11 18:39 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-11-01 04:12 . 2012-11-01 04:12 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-10-31 23:30 . 2012-10-31 23:30 -------- d-----w- c:\users\IE NET\AppData\Roaming\SUPERAntiSpyware.com
2012-10-31 23:30 . 2012-11-05 20:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-31 23:30 . 2012-10-31 23:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-31 20:30 . 2012-10-31 20:30 -------- d-----w- c:\program files (x86)\Realtek
2012-10-31 20:18 . 2012-10-31 20:18 -------- d-----w- c:\program files (x86)\Marvell
2012-10-31 20:15 . 2012-10-31 20:15 -------- d-----w- c:\users\IE NET\AppData\Local\SlimWare Utilities Inc
2012-10-31 03:32 . 2012-10-31 03:43 -------- d-----w- c:\users\IE NET\AppData\Roaming\GetRightToGo
2012-10-30 21:44 . 2012-10-30 21:44 -------- d-----w- c:\program files\Realtek
2012-10-30 21:43 . 2012-10-31 20:41 -------- d--h--w- c:\program files (x86)\Temp
2012-10-30 18:54 . 2012-10-30 18:54 -------- dc----w- C:\ldiag
2012-10-30 18:41 . 2012-11-01 05:16 -------- d-----w- c:\program files (x86)\Lenovo
2012-10-30 18:41 . 2012-10-30 18:41 -------- d-----w- c:\programdata\Lenovo
2012-10-30 18:37 . 2012-10-30 18:38 -------- d-----w- c:\users\IE NET\AppData\Local\LSC
2012-10-30 18:28 . 2012-10-30 18:28 -------- d-----w- c:\users\IE NET\AppData\Roaming\LSC
2012-10-30 18:27 . 2012-11-01 05:16 -------- d-----w- c:\program files\Lenovo
2012-10-30 02:15 . 2012-10-30 02:15 -------- d-----w- c:\program files (x86)\Intel
2012-10-30 00:46 . 2012-10-30 00:46 -------- d-----w- c:\program files\Java
2012-10-26 20:11 . 2012-11-01 01:22 -------- d-----w- c:\windows\SysWow64\C2MP
2012-10-26 02:14 . 2012-10-26 02:14 -------- d-----w- c:\program files\PlayReady
2012-10-25 23:49 . 2012-10-25 23:49 -------- d-----w- c:\windows\ehome
2012-10-25 23:49 . 2012-10-25 23:49 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-09 14:42 . 2012-06-19 00:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-09 14:42 . 2011-03-31 00:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-06 03:38 . 2012-04-11 00:25 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-06 03:38 . 2011-05-18 00:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-31 14:15 . 2011-11-07 01:52 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-10 13:16 . 2011-03-11 00:37 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-01 05:08 . 2012-07-29 22:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-01 05:08 . 2012-07-29 22:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-19 10:10 . 2012-09-19 23:22 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-19 10:10 . 2012-09-19 23:22 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-19 10:10 . 2012-09-22 13:01 37216 ----a-w- c:\windows\system32\uxtuneup.dll
2012-09-19 10:10 . 2012-09-22 13:01 29536 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-09-19 10:10 . 2012-09-19 23:22 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-14 19:19 . 2012-10-10 13:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 13:12 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 13:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 13:12 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 13:12 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-21 22:16 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-21 22:16 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-21 22:16 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-21 22:16 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-21 22:16 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-21 22:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-21 22:16 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-21 22:16 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-21 22:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-21 22:16 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-21 22:16 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-21 22:16 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-21 22:16 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-21 22:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-21 22:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-21 22:16 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-21 22:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-21 22:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-21 22:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-21 22:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-21 22:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-21 22:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 02:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-14 01:59 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 02:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 02:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-10-02 12:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-20 23:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-22 22:33 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-22 22:33 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 03:07 . 2012-08-21 03:07 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2012-08-20 18:48 . 2012-10-10 13:12 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 13:12 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 13:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 13:12 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 13:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 13:12 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 13:12 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 13:12 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 13:12 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 13:12 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 13:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 13:12 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 13:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 13:12 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 13:12 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iDailyDiary"="c:\idaily~1\iDD.exe" [2012-06-19 1974272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 566704]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 IMNPF;WinPcap Packet Driver (IMNPF);c:\windows\system32\drivers\IMNPF.sys [2010-08-18 38768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 340992]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-11-11 15712]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-24 1255736]
S0 43119978;43119978;c:\windows\system32\DRIVERS\43119978.sys [2011-08-17 460888]
S0 55405276;55405276;c:\windows\system32\DRIVERS\55405276.sys [2012-11-02 460888]
S0 92998438;92998438;c:\windows\system32\DRIVERS\92998438.sys [2011-08-16 460888]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-03-07 716800]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 03:38]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 21:39]
.
2012-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 21:39]
.
2012-11-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-11 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-10-14 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}\347444234374: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}\84F4D454: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{C2B41405-9548-4E56-ACB1-711E0DFDCF22}\3474442343747333: NameServer = 192.168.1.1
TCP: Interfaces\{C2B41405-9548-4E56-ACB1-711E0DFDCF22}\84F6D656: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\0\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}"=hex:51,66,7a,6c,4c,1d,38,12,c5,15,ac,
a2,93,0c,ab,0e,e9,4b,1d,00,7b,1a,de,be
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:80,ff,ea,09,3b,2e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,2f,6d,b6,b7,f7,b9,4c,8e,c0,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,27,cd,b7,1d,5c,02,4e,93,e4,90,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\06\0e7\0a×"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-11 14:51:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-11 19:51
.
Pre-Run: 77,145,526,272 bytes free
Post-Run: 77,464,432,640 bytes free
.
- - End Of File - - F917F04DAD647B2CE1DD9AF5BE1B07F4


Step 3-Done

Let's try to uninstall your Flash player, and Java, as I think those 2 issues are causing the problems with your browser
Download the Flash Uninstaller to your desktop.
Exit all browsers and other programs that use Flash
The uninstaller does not work if any programs that use Flash are running on your computer.
Look at the icons in the system tray for programs that run in the background. Examples include AOL Instant Messenger, Yahoo! Messenger, and games that use Flash (any file with a name that ends in .swf). If you see such an icon, right-click the icon and click Exit. If you are unsure whether it uses Flash, you can still close the program anyway.
Double-click the icon of the uninstaller that downloaded to your computer.
Follow the prompts. If you see the message "Do you want to allow the following program to make changes to this computer?", click Yes or Continue.

After the uninstaller has run you will need to delete Flash player files and folders.
Click on the Start Orb and paste the following into the search box:
C:\Windows\system32\Macromed\Flash
Delete all the files in that folder.
Now paste this into the search box:
C:\Windows\SysWOW64\Macromed\Flash
Delete all the files in there as well.
Next paste this into the search box:
%appdata%\Adobe\Flash Player
Delete all the files in there as well.
And finally paste this into the search box:
%appdata%\Macromedia\Flash Player
and delete all the files in there.

Restart your computer, then go to this web page to check the status of the Flash player
You should not see the Flash movie, so follow the instructions in step 4 on that page.

Step 4
Uninstall Java -
Click on the Start Orb
Click on Control Panel
Click on Uninstall a Program
Select each version of Java you see in there and uninstall all of them.
Now go to this web page and download the Windows Offline (32-bit) link. Save that file to your desktop and double click it to start the installation.
After it installs you can verify that it is working properly by visiting this web page

In your next reply I would like to see:
• Results from Jotti virus scan
• Combofix log file
• Are your browsers behaving now after re-installing Flash and Java?



My browsers are behaving just as badly as they did when my pc was first infected which makes me suspicious about whether my machine is malware free now. I reset IE9 again because it took six minutes to load and once it did, it wouldn't let me click on another tab. Chrome is a little better but it too freezes badly. A couple of times I clicked on something in IE9 and the page opened in Chrome.
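The four-folder Flash clean-up quoted in the steps above, as an added PowerShell script that is not part of the thread or of any tool named in it. The script name, the module-name pattern used to spot processes with Flash loaded, and the use of -WhatIf are assumptions; the four paths are the ones given in the post, and the script is meant to be run from an elevated PowerShell after the Adobe uninstaller has finished.

```powershell
# Remove-FlashLeftovers.ps1 (added example, not from the thread)
# Empties the four Flash folders named in the post, but first enforces the
# caveat given there: nothing that has Flash loaded may still be running.
[CmdletBinding(SupportsShouldProcess = $true)]
param()

# The exact folders from the post, spelled with environment variables so the
# script does not depend on the drive letter or the user's profile path.
$flashFolders = @(
    "$env:SystemRoot\System32\Macromed\Flash",
    "$env:SystemRoot\SysWOW64\Macromed\Flash",
    "$env:APPDATA\Adobe\Flash Player",
    "$env:APPDATA\Macromedia\Flash Player"
)

# Step 1: find processes with a Flash module loaded. The module-name pattern is an
# assumption (Flash32_*.ocx, Flash64_*.ocx, NPSWF32.dll, FlashUtil*.exe).
# Reading .Modules of a protected or other-bitness process throws; such a
# process is treated as not using Flash rather than aborting the whole run.
$flashUsers = Get-Process -ErrorAction SilentlyContinue | Where-Object {
    try {
        @($_.Modules | Where-Object { $_.ModuleName -match '^(Flash|NPSWF)' }).Count -gt 0
    } catch {
        $false
    }
}

if ($flashUsers) {
    Write-Warning "Close these programs first; they still have Flash loaded:"
    $flashUsers | Select-Object Id, ProcessName | Format-Table -AutoSize | Out-String | Write-Warning
    exit 1
}

# Step 2: list, then delete, the contents of each folder. The folder itself is
# kept, matching "delete all the files in that folder". -WhatIf previews only.
foreach ($folder in $flashFolders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Host "Not present, nothing to do: $folder"
        continue
    }
    $items = @(Get-ChildItem -LiteralPath $folder -Force -ErrorAction SilentlyContinue)
    Write-Host ("{0}: {1} item(s)" -f $folder, $items.Count)
    foreach ($item in $items) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
            Remove-Item -LiteralPath $item.FullName -Recurse -Force -ErrorAction Continue
        }
    }
}
```

Run it once with `-WhatIf` to see what would be deleted, then without it; a non-zero exit means a Flash-using process was still open and nothing was removed.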

#10
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Diedre,
I see one more bad thing, I would like to remove it and scan for any left over files, then try to look a little deeper at your browser issues.

Step 1
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

REGLOCK::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
REGISTRY::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

  • Please download the Event Viewer Tool by Vino Rosso VEW and save it to your Desktop:
  • Double-click VEW.exe
  • Under 'Select log to query', select:
  • Application
  • System
  • Under 'Select type to list', select:
  • Error
  • Warning
Then use the 'Date of events' or 'Number of events' as follows:

  • Click the radio button for 'Number of events'
    Type 15 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
Please post the Output log in your next reply

In your next reply I would like to see:
  • Combofix log
  • Output from VEW



#11
Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,


Step 1

• Combofix log
ComboFix 12-11-16.02 - IE NET 11/17/2012 10:38:01.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.2037 [GMT -5:00]
Running from: c:\users\IE NET\Desktop\ComboFix.exe
Command switches used :: c:\users\IE NET\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 15:49 . 2012-11-17 15:49 -------- d-----w- c:\users\SingleClick Admin\AppData\Local\temp
2012-11-17 15:49 . 2012-11-17 15:49 -------- d-----w- c:\users\home1234\AppData\Local\temp
2012-11-17 15:49 . 2012-11-17 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 15:49 . 2012-11-17 15:49 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2012-11-17 15:49 . 2012-11-17 15:49 -------- d-----w- c:\users\BRIAN1221\AppData\Local\temp
2012-11-17 11:55 . 2012-11-17 11:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C186DC-CA03-4FE2-9CB8-E1592243AB1A}\offreg.dll
2012-11-15 18:37 . 2012-11-15 20:17 -------- d-----w- c:\program files\Recuva
2012-11-14 19:03 . 2012-11-14 19:03 -------- d-----w- c:\program files\Common Files\Services
2012-11-14 18:57 . 2012-11-14 18:57 -------- d-----w- c:\program files\CCleaner
2012-11-14 05:49 . 2012-11-14 05:49 -------- dc----w- C:\68c7ae2128a409909c
2012-11-14 05:44 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 05:44 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 05:44 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 05:44 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 05:25 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 05:25 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 05:25 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 05:25 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 05:25 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 05:25 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 05:25 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 05:20 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 05:20 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-13 02:57 . 2012-11-13 02:57 -------- d-----w- c:\program files (x86)\RealNetworks
2012-11-13 02:56 . 2012-11-13 02:56 -------- d-----w- c:\users\IE NET\AppData\Roaming\RealNetworks
2012-11-13 02:55 . 2012-11-13 02:55 -------- d-----w- c:\programdata\RealNetworks
2012-11-12 23:08 . 2012-11-13 01:04 8107 ----a-w- c:\windows\w7dsd.reg
2012-11-12 23:08 . 2012-11-13 01:04 8089 ----a-w- c:\windows\w7dse.reg
2012-11-12 23:08 . 2012-11-12 23:08 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-11-12 20:41 . 2012-11-12 20:41 -------- d-----w- c:\users\IE NET\AppData\Local\DDMSettings
2012-11-12 20:40 . 2012-11-12 20:40 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-11-11 21:28 . 2012-11-11 21:28 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-11 21:27 . 2012-11-11 21:27 -------- d-----w- c:\program files (x86)\Java
2012-11-11 20:59 . 2012-11-11 20:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-11 20:59 . 2012-11-11 20:59 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-10 17:54 . 2012-11-10 18:01 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-11-09 15:02 . 2012-11-09 15:02 -------- d-----w- c:\users\IE NET\AppData\Roaming\f-secure
2012-11-09 15:01 . 2012-11-09 15:01 -------- d-----w- c:\programdata\F-Secure
2012-11-08 22:32 . 2012-11-08 22:32 -------- d-----w- c:\program files\Defraggler
2012-11-08 03:04 . 2012-11-10 02:44 -------- d-----w- C:\found.000
2012-11-07 04:47 . 2012-11-07 04:47 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-06 23:10 . 2012-11-06 23:10 -------- dc----w- C:\_OTL
2012-11-06 19:11 . 2012-11-06 19:11 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-11-06 11:34 . 2012-11-06 16:49 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-11-03 17:55 . 2012-11-09 20:57 -------- d-----w- c:\users\IE NET\AppData\Roaming\QuickScan
2012-11-02 22:39 . 2012-11-02 22:39 -------- d-----w- c:\users\IE NET\AppData\Local\Macromedia
2012-11-02 22:18 . 2012-11-02 22:18 -------- d-----w- c:\users\IE NET\AppData\Local\Mozilla
2012-11-02 22:18 . 2012-11-02 22:18 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-02 18:16 . 2012-11-02 18:17 -------- d-----w- c:\users\IE NET\AppData\Roaming\WinPatrol
2012-11-02 18:15 . 2012-11-02 18:15 -------- d-----w- c:\program files (x86)\BillP Studios
2012-11-02 18:11 . 2012-11-02 18:11 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-11-02 14:33 . 2012-11-02 21:20 460888 ----a-w- c:\windows\system32\drivers\55405276.sys
2012-11-02 03:19 . 2012-11-11 20:09 -------- d-----w- c:\windows\SysWow64\%Report%
2012-11-01 18:31 . 2012-11-01 18:31 -------- d-----w- c:\users\IE NET\AppData\Roaming\Malwarebytes
2012-11-01 18:29 . 2012-11-01 18:29 -------- d-----w- c:\programdata\Malwarebytes
2012-11-01 18:29 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-01 18:29 . 2012-11-01 18:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-01 15:06 . 2012-11-01 15:06 -------- d-----w- c:\program files (x86)\ESET
2012-11-01 13:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31C186DC-CA03-4FE2-9CB8-E1592243AB1A}\mpengine.dll
2012-11-01 04:12 . 2012-11-17 14:27 15712 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-11-01 04:12 . 2012-11-01 04:12 -------- d-----w- c:\program files (x86)\SlimDrivers
2012-10-31 23:30 . 2012-10-31 23:30 -------- d-----w- c:\users\IE NET\AppData\Roaming\SUPERAntiSpyware.com
2012-10-31 23:30 . 2012-11-05 20:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-10-31 23:30 . 2012-10-31 23:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-10-31 20:30 . 2012-10-31 20:30 -------- d-----w- c:\program files (x86)\Realtek
2012-10-31 20:18 . 2012-10-31 20:18 -------- d-----w- c:\program files (x86)\Marvell
2012-10-31 20:15 . 2012-10-31 20:15 -------- d-----w- c:\users\IE NET\AppData\Local\SlimWare Utilities Inc
2012-10-31 03:32 . 2012-10-31 03:43 -------- d-----w- c:\users\IE NET\AppData\Roaming\GetRightToGo
2012-10-30 21:44 . 2012-10-30 21:44 -------- d-----w- c:\program files\Realtek
2012-10-30 21:43 . 2012-10-31 20:41 -------- d--h--w- c:\program files (x86)\Temp
2012-10-30 18:54 . 2012-10-30 18:54 -------- dc----w- C:\ldiag
2012-10-30 18:41 . 2012-11-01 05:16 -------- d-----w- c:\program files (x86)\Lenovo
2012-10-30 18:41 . 2012-10-30 18:41 -------- d-----w- c:\programdata\Lenovo
2012-10-30 18:37 . 2012-10-30 18:38 -------- d-----w- c:\users\IE NET\AppData\Local\LSC
2012-10-30 18:28 . 2012-10-30 18:28 -------- d-----w- c:\users\IE NET\AppData\Roaming\LSC
2012-10-30 18:27 . 2012-11-01 05:16 -------- d-----w- c:\program files\Lenovo
2012-10-30 02:15 . 2012-10-30 02:15 -------- d-----w- c:\program files (x86)\Intel
2012-10-30 00:46 . 2012-10-30 00:46 -------- d-----w- c:\program files\Java
2012-10-26 20:11 . 2012-11-01 01:22 -------- d-----w- c:\windows\SysWow64\C2MP
2012-10-26 02:14 . 2012-10-26 02:14 -------- d-----w- c:\program files\PlayReady
2012-10-25 23:49 . 2012-10-25 23:49 -------- d-----w- c:\windows\ehome
2012-10-25 23:49 . 2012-10-25 23:49 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 05:26 . 2011-03-11 00:37 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-11 21:27 . 2012-06-19 00:11 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-11-11 21:27 . 2011-03-31 00:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-31 14:15 . 2011-11-07 01:52 637272 ----a-w- c:\windows\system32\drivers\klif.sys
2012-10-01 05:08 . 2012-07-29 22:30 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-01 05:08 . 2012-07-29 22:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-19 10:10 . 2012-09-19 23:22 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-19 10:10 . 2012-09-19 23:22 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-19 10:10 . 2012-09-22 13:01 37216 ----a-w- c:\windows\system32\uxtuneup.dll
2012-09-19 10:10 . 2012-09-22 13:01 29536 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-09-19 10:10 . 2012-09-19 23:22 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-14 19:19 . 2012-10-10 13:12 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:12 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 13:12 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:12 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 13:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 13:12 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 13:12 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-14 01:59 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 02:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 02:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-10-02 12:49 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-20 23:17 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-22 22:33 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-22 22:33 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-21 03:07 . 2012-08-21 03:07 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2012-08-20 18:48 . 2012-10-10 13:12 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 13:12 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 13:12 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 13:12 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 13:12 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 13:12 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 13:12 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 13:12 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 13:12 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 13:12 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 13:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 13:12 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 13:12 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 13:12 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 13:12 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-10 13:12 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-10 13:12 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-10 13:12 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:12 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:12 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:12 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iDailyDiary"="c:\idaily~1\iDD.exe" [2012-06-19 1974272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-10-01 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]
R3 IMNPF;WinPcap Packet Driver (IMNPF);c:\windows\system32\drivers\IMNPF.sys [2010-08-18 38768]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 340992]
R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-11-17 15712]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-24 1255736]
S0 43119978;43119978;c:\windows\system32\DRIVERS\43119978.sys [2011-08-17 460888]
S0 55405276;55405276;c:\windows\system32\DRIVERS\55405276.sys [2012-11-02 460888]
S0 92998438;92998438;c:\windows\system32\DRIVERS\92998438.sys [2011-08-16 460888]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 566704]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-08-09 38608]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-03-07 716800]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-29 11880]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-11 20:59]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 21:39]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 21:39]
.
2012-11-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3423992899-3802321084-3640386065-1004.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2012-11-17 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2012-10-14 19:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}\347444234374: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{32846F85-BE5C-4C81-B282-A4FAB250FF8F}\84F4D454: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{C2B41405-9548-4E56-ACB1-711E0DFDCF22}\3474442343747333: NameServer = 192.168.1.1
TCP: Interfaces\{C2B41405-9548-4E56-ACB1-711E0DFDCF22}\84F6D656: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\IE NET\AppData\Roaming\Mozilla\Firefox\Profiles\6t79x38f.default-1352143406514\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://btsearch.name
FF - prefs.js: keyword.URL - hxxp://btsearch.name/results.php?q=
FF - ExtSQL: 2012-11-01 01:13; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - ExtSQL: 2012-11-01 01:13; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - ExtSQL: 2012-11-01 01:13; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - ExtSQL: 2012-11-04 16:27; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2012-11-12 21:57; {B1FC07E1-E05B-4567-8891-E63FBE545BA8}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:80,ff,ea,09,3b,2e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,2f,6d,b6,b7,f7,b9,4c,8e,c0,25,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,27,cd,b7,1d,5c,02,4e,93,e4,90,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\06\06\0e7\0a×"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-17 10:58:02
ComboFix-quarantined-files.txt 2012-11-17 15:58
ComboFix2.txt 2012-11-11 19:51
.
Pre-Run: 76,153,327,616 bytes free
Post-Run: 75,996,663,808 bytes free
.
- - End Of File - - 751993F24D57ECB3978990E58B19623C


Step 2

• Output from VEW

I followed the instructions you gave me but received an error saying "Cannot find the c:\VEW.txt file. Do you want to create a new one?" I clicked yes and the error went away to reveal an untitled blank notepad page. I ran it twice and got the same result.

#12
Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi Diedre,
Sorry, that was my fault. In order to run VEW properly, you must right-click the icon and select Run as Administrator.

  • Right click VEW.exe and select Run as Administrator
  • Under 'Select log to query', select:
    • Application
    • System
  • Under 'Select type to list', select:
    • Error
    • Warning

  • Click the radio button for 'Number of events'
  • Type 15 in the 1 to 20 box
  • Then click the Run button.
  • Notepad will open with the output log.

Please post the Output log in your next reply

#13
Diedre

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hello Crowbar,

Here is the log from VEW. It appears Kaspersky caught a trojan last night, Trojan-Downloader-Win32.Genome.ddxs. I ran MBAM later and it was clean.



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 18/11/2012 1:02:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/11/2012 4:35:10 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 18/11/2012 3:14:03 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ea4 Start Time: 01cdc59f1d9d7d7f Termination Time: 16 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 6:04:53 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 4f4 Start Time: 01cdc501cc28e0aa Termination Time: 2605 Application Path: C:\Windows\Explorer.EXE Report Id: cfaaeeec-3145-11e2-a3e9-0025118a17d9

Log: 'Application' Date/Time: 18/11/2012 6:04:50 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1964 Start Time: 01cdc5525fff1cea Termination Time: 140 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 5:34:04 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ae4 Start Time: 01cdc53c9804eb6d Termination Time: 5294 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 6f3ecc0d-3141-11e2-a3e9-0025118a17d9

Log: 'Application' Date/Time: 18/11/2012 4:08:39 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program RealPlay.exe version 15.0.6.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: ce4 Start Time: 01cdc50b334919df Termination Time: 1692 Application Path: c:\program files (x86)\real\realplayer\RealPlay.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 4:06:59 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 444 Start Time: 01cdc541e2be4ce5 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 4:04:58 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: f04 Start Time: 01cdc53ca7096864 Termination Time: 3497 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 3:41:37 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 18/11/2012 12:14:50 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1754 Start Time: 01cdc52081f75e90 Termination Time: 613 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 17/11/2012 9:14:37 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/11/2012 7:21:47 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/11/2012 5:41:54 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 17/11/2012 4:31:04 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 600 Start Time: 01cdc4ddac00f7bd Termination Time: 889 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 17/11/2012 3:54:26 PM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{A88E1685-1986-4A86-8E88-5FE1E727D026}\recordingmanager.exe". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/11/2012 3:03:34 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 18/11/2012 2:01:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 18/11/2012 1:01:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 18/11/2012 1:01:19 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
(HRESULT : 0x80004005) (0x80004005)


Log: 'Application' Date/Time: 18/11/2012 12:59:21 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 18/11/2012 4:26:33 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 18/11/2012 1:13:54 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/11/2012 8:26:57 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 17/11/2012 7:32:11 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3423992899-3802321084-3640386065-1004:
Process 1896 (\Device\HarddiskVolume2\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe) has opened key \REGISTRY\USER\S-1-5-21-3423992899-3802321084-3640386065-1004


Log: 'Application' Date/Time: 17/11/2012 7:27:51 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 17/11/2012 7:18:35 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/11/2012 4:17:25 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/11/2012 3:16:58 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/11/2012 3:14:58 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
A server error occurred. Check that the server is available. (HRESULT : 0x80041206) (0x80041206)


Log: 'Application' Date/Time: 17/11/2012 3:14:12 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-3423992899-3802321084-3640386065-1004}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
No protocol handler is available. Install a protocol handler that can process this URL type. (HRESULT : 0x80040d37) (0x80040d37)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2012 12:58:30 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/11/2012 8:13:21 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/11/2012 4:38:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/11/2012 4:00:20 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/11/2012 4:59:16 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/11/2012 6:44:03 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 14/11/2012 7:24:41 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 12/11/2012 8:26:18 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 09/11/2012 5:36:54 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/11/2012 4:23:33 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/11/2012 3:05:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 6:30:45 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/11/2012 6:23:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/11/2012 6:38:18 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/11/2012 10:33:37 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2012 3:05:31 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

Log: 'System' Date/Time: 18/11/2012 3:03:48 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

Log: 'System' Date/Time: 18/11/2012 3:03:31 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:31 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:03:31 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

Log: 'System' Date/Time: 18/11/2012 3:01:05 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:00:55 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Peer Name Resolution Protocol service terminated with the following error: %%-2140995069

Log: 'System' Date/Time: 18/11/2012 3:00:55 PM
Type: Error Category: 0
Event: 102 Source: Microsoft-Windows-PNRPSvc
The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630203.

Log: 'System' Date/Time: 18/11/2012 3:00:39 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:57:30 AM on 11/18/2012 was unexpected.

Log: 'System' Date/Time: 18/11/2012 1:01:09 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The HP Network Devices Support service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2012 6:14:48 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.aviationearth.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 7:32:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 17/11/2012 3:20:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:20:40 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:19:23 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:19:10 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:18:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name ipv6.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:17:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-03.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:17:23 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-01.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 4:02:03 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-01.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 12:33:34 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name csi.gstatic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 12:33:03 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name talk.google.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 12:32:36 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-01.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 12:32:17 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-02.geo.kaspersky.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/11/2012 12:32:06 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

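An added example, not part of this thread and not code from VEW or any other tool mentioned here: a Python script that parses a VEW report in the format posted above and summarises the things a removal helper reads first, which programs keep hanging (Application Hang, event 1002), how many unclean reboots (Kernel-Power, event 41) the machine has had, and which host names the DNS client failed to resolve (DNS-Client, event 1014). The report embedded in it is a constructed, trimmed excerpt in VEW's layout; the sources and event IDs are the ones that appear in the log above. It goes a little beyond the single report here in that it handles any number of sections and any mix of Application and System records.

```python
"""Triage a Vino's Event Viewer (VEW) text report: parse its 'Log:' / 'Type:' /
'Event:' records and summarise hangs, unclean reboots and DNS timeouts."""
import re
from collections import Counter

# Constructed sample in VEW's own layout (hand-built excerpt, not a real report):
# three Application Hang events, one Kernel-Power 41, two DNS-Client 1014.
SAMPLE_VEW = """\
Log: 'Application' Date/Time: 18/11/2012 3:14:03 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. Process ID: ea4 Application Path: C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 4:08:39 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program RealPlay.exe version 15.0.6.14 stopped interacting with Windows and was closed. Process ID: ce4 Application Path: c:\\program files (x86)\\real\\realplayer\\RealPlay.exe Report Id:

Log: 'Application' Date/Time: 18/11/2012 4:04:58 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16455 stopped interacting with Windows and was closed. Process ID: f04 Application Path: C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe Report Id:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2012 12:58:30 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2012 6:14:48 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.aviationearth.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/11/2012 3:17:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dnl-03.geo.kaspersky.com timed out after none of the configured DNS servers responded.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
HANG_RE = re.compile(r"^The program (\S+) version ")
DNS_RE = re.compile(r"Name resolution for the name (\S+) timed out")


def parse_vew(text):
    """Return one dict per event record, in report order."""
    records, cur = [], None
    for line in text.splitlines():
        if m := HEADER_RE.match(line):
            cur = {"log": m["log"], "when": m["when"].strip(), "message": []}
            records.append(cur)
        elif line.startswith("~~~"):
            cur = None  # section separator: the next lines are a heading, not a message
        elif cur is None:
            continue  # banner and section headings outside any record
        elif m := TYPE_RE.match(line):
            cur["type"], cur["category"] = m["type"], int(m["cat"])
        elif m := EVENT_RE.match(line):
            cur["event_id"], cur["source"] = int(m["id"]), m["source"].strip()
        elif line.strip():
            cur["message"].append(line.strip())  # multi-line messages are joined below
    for r in records:
        r["message"] = " ".join(r["message"])
    return records


def triage(records):
    """Summarise the records the way a removal helper reads them."""
    summary = {
        "by_source": Counter((r["log"], r.get("source"), r.get("event_id")) for r in records),
        "hangs": Counter(),       # program name -> number of Application Hang 1002 events
        "unexpected_reboots": 0,  # Kernel-Power 41: crash, freeze-then-reset or power loss
        "dns_timeouts": [],       # names the DNS client gave up on, in report order
    }
    for r in records:
        if r.get("source") == "Application Hang" and r.get("event_id") == 1002:
            if m := HANG_RE.match(r["message"]):
                summary["hangs"][m.group(1)] += 1
        elif r.get("source") == "Microsoft-Windows-Kernel-Power" and r.get("event_id") == 41:
            summary["unexpected_reboots"] += 1
        elif r.get("source") == "Microsoft-Windows-DNS-Client" and r.get("event_id") == 1014:
            if m := DNS_RE.search(r["message"]):
                summary["dns_timeouts"].append(m.group(1))
    return summary


if __name__ == "__main__":
    print(triage(parse_vew(SAMPLE_VEW)))
```

Run against a full report, the hang counter shows at a glance whether the crashes cluster around one program or one browser. One caveat on the DNS-Client 1014 warnings: a timeout against an antivirus update host (here the Kaspersky download servers) and a timeout against Microsoft's connectivity-check names look identical in the event log, so the event alone does not tell you whether the resolver is flaky or something on the machine is interfering with lookups; the hosts file and the configured DNS servers are the next things to check.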
#14 Crowbar (Teacher, GeekU Moderator, 4,130 posts)
Hi again,
I would like to see more info about the trojan that was found by Kaspersky; can you show me the log file from Kaspersky?
Open the main Kaspersky window by double-clicking on the K icon in the system tray.
Click on Reports

[screenshot]

Select the date that the program found the trojan

[screenshot]

Click on the Detailed Report button on the bottom right

[screenshot]

Highlight the report
Click on Save on the bottom left side of the window; it will prompt for a file name and location (put it on the desktop), then save to a text file.
Open that .txt file and paste the contents in your next reply.

From looking at your event logs, it seems that Real Player is acting up, and this may be causing your browser issues.

You say you ran MalwareBytes and it was clean. I would like you to run an online virus scan also, and let me know the results.
Step 1
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click on: [image]
You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: [image]
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: [image]
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 2
Please uninstall Real Player and any components of it that you may see in Uninstall a Program.
Proceed to the next step before reinstalling it; if you never use it, then you don't need to reinstall.

Step 3
Download Repair Internet Explorer from here.
Make sure the browser is closed, right-click on the icon and select Run as Administrator.
When the program is running, click on the Start button to begin the fix.

After the program completes, you can reinstall Real Player if needed.


In your next reply I would like to see:
  • Kaspersky log file
  • How is the computer running at this point? Browsers still crashing?


#15 Diedre (Member, Topic Starter, 26 posts)
Hello Crowbar,

The Kaspersky log file was only one line, and I received a warning yesterday morning about a keylogger, so I included that as well. The Internet Explorer repair tool didn't have any effect on IE9. This morning IE9 crashed immediately, when usually it works for an hour or two before crashing. I was using Chrome until it started crashing too. Now I use Firefox. I almost forgot to mention: I didn't want to delete my library from RealPlayer when I uninstalled it, so I didn't.

• Kaspersky log file

Type: Trojan program (1)
Trojan-Downloader.Win32.Genome.ddxs Inactive 11/18/2012 12:32:09 AM


Type: legal software that can be used by criminals for damaging your computer or personal data (1)
PDM.Keylogger Inactive 11/19/2012 10:01:21 AM

• Eset log file

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66cca8f0970e8a4d86b2f33e16cd2ad9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-03 06:46:44
# local_time=2012-11-03 02:46:44 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 30416803 30416803 0 0
# compatibility_mode=5893 16776574 100 94 0 103508994 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=158035
# found=3
# cleaned=3
# scan_time=2860
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DIOOLR53\0[2].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T24PKPJ4\The_Magic_of_Belle_Isle[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\IE NET\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T24PKPJ4\tubeplus_me[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66cca8f0970e8a4d86b2f33e16cd2ad9
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-03 08:15:20
# local_time=2012-11-03 04:15:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 30423971 30423971 0 0
# compatibility_mode=5893 16776574 100 94 0 103516162 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66055
# found=0
# cleaned=0
# scan_time=1007
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66cca8f0970e8a4d86b2f33e16cd2ad9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-06 05:49:49
# local_time=2012-11-06 12:49:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 30672340 30672340 0 0
# compatibility_mode=5893 16776574 100 94 0 103764531 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=164044
# found=0
# cleaned=0
# scan_time=3108
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66cca8f0970e8a4d86b2f33e16cd2ad9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-06 06:53:02
# local_time=2012-11-06 01:53:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 30675626 30675626 0 0
# compatibility_mode=5893 16776574 100 94 0 103767817 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=165431
# found=1
# cleaned=1
# scan_time=3615
C:\Users\IE NET\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00053d HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66cca8f0970e8a4d86b2f33e16cd2ad9
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-20 12:44:15
# local_time=2012-11-19 07:44:15 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 31816387 31816387 0 0
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 104908578 0 0
# compatibility_mode=8192 67108863 100 0 661168 661168 0 0
# scanned=171007
# found=0
# cleaned=0
# scan_time=7123

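An added example, again not from the thread and not ESET's own code: a Python parser for the ESET Online Scanner log.txt format shown above. It splits the log into scan sessions (each begins with a `# version=` line), reads the `# key=value` settings, parses the detection lines (path, detection name, action, hash, flag) even when the tabs between fields were lost in a forum paste, and checks each session against the settings asked for in post #14 (Remove found threats unchecked, Scan archives and the three Advanced Settings options checked) and whether the scan ran to completion. The embedded log is constructed; the paths, the hash values and the name Win32/Example.A are placeholders, not real detections.

```python
"""Parse ESET Online Scanner log.txt sessions and check each one against the
settings a removal helper asks for, and against a clean finish."""
import re

# Constructed sample in the log.txt layout (two sessions). The paths, hashes and
# the 'Win32/Example.A' name are placeholders; the second detection line has its
# tabs collapsed to spaces, as happens when a log is pasted into a forum.
SAMPLE_ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-03 06:46:44
# scanned=158035
# found=2
# cleaned=2
# scan_time=2860
C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABCD1234\\page[1].htm\tHTML/ScrInject.B.Gen virus\t(deleted - quarantined)\t00000000000000000000000000000000\tC
C:\\Program Files (x86)\\ExampleApp\\helper.exe a variant of Win32/Example.A application (unable to clean) 11111111111111111111111111111111 C
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-20 12:44:15
# scanned=171007
# found=0
# cleaned=0
# scan_time=7123
"""

# A detection line ends with '(action) <32-hex hash> <flag>'; anchoring on that
# tail keeps a '(x86)' inside the path from being mistaken for the action.
DETECTION_RE = re.compile(
    r"^(?P<rest>.+?)\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)
THREAT_PREFIXES = ("probably a variant of", "a variant of")  # longest first
WANTED = {"remove_checked": "false", "archives_checked": "true", "unwanted_checked": "true",
          "unsafe_checked": "true", "antistealth_checked": "true"}


def _split_path_threat(rest):
    """Split 'path threat' when the tab between them was lost. ESET names carry a
    platform prefix with a slash (HTML/, Win32/, JS/); a Windows path written with
    backslashes never contains one, so the first slash token starts the name."""
    tokens = rest.split(" ")
    start = next((i for i, t in enumerate(tokens) if "/" in t), None)
    if start is None:
        return rest, ""
    for prefix in THREAT_PREFIXES:
        n = len(prefix.split())
        if start >= n and " ".join(tokens[start - n:start]) == prefix:
            start -= n
            break
    return " ".join(tokens[:start]), " ".join(tokens[start:])


def parse_eset_log(text):
    """Return one dict per scan session: {'settings': {...}, 'detections': [...]}."""
    sessions, cur = [], None
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":  # every session's header block starts here
                cur = {"settings": {}, "detections": []}
                sessions.append(cur)
            if cur is not None:
                cur["settings"][key] = value
        elif cur is not None and (m := DETECTION_RE.match(line)):
            rest = m["rest"]
            path, threat = rest.split("\t", 1) if "\t" in rest else _split_path_threat(rest)
            cur["detections"].append({"path": path, "threat": threat,
                                      "action": m["action"], "hash": m["hash"].lower()})
    return sessions


def check_session(session):
    """List every way a session departs from the requested settings or a clean finish."""
    s = session["settings"]
    problems = [f"{k}={s.get(k)} (wanted {v})" for k, v in WANTED.items() if s.get(k) != v]
    if s.get("end") != "finished":
        problems.append(f"end={s.get('end')} (scan did not run to completion)")
    if s.get("found", "0") != str(len(session["detections"])):
        problems.append(f"found={s.get('found')} but {len(session['detections'])} detection lines")
    return problems


if __name__ == "__main__":
    for i, sess in enumerate(parse_eset_log(SAMPLE_ESET_LOG), 1):
        print(f"session {i} ({sess['settings'].get('utc_time')}): {check_session(sess) or 'ok'}")
        for d in sess["detections"]:
            print(f"  {d['threat']} -> {d['path']} [{d['action']}]")
```

Applied to the log posted above it would flag every session except the 19 November one: the first four have remove_checked=true, archives_checked=false or unsafe_checked=false, and the second one has end=stopped, which is why its scanned count is so much lower than the others. The `esets_scanner_update returned -1` lines sit outside the `# version=` blocks and are ignored; the detection lines are what a helper wants copied verbatim, since the path (Temporary Internet Files, Chrome cache) tells them whether a hit was a drive-by page that was merely cached or an executable that actually ran.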