HELP: INFECTED BADLY [Closed]

#1
Asentrik
Okay, so I am infected badly and am thinking about reformatting :S

Here's the OTL log:

OTL logfile created on: 4/2/2013 19:34:37 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 47.77% Memory free
5.50 Gb Paging File | 3.10 Gb Available in Paging File | 56.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 316.60 Gb Total Space | 3.11 Gb Free Space | 0.98% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 442.17 Gb Free Space | 94.94% Space Free | Partition Type: NTFS

Computer Name: TOUCH-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/02 12:45:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2013/03/12 02:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/02/26 07:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/14 17:24:45 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013/01/21 03:31:06 | 001,251,064 | ---- | M] (Bogdan Sharkov) -- C:\Program Files (x86)\Clownfish\Clownfish.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/11/21 05:32:28 | 004,074,600 | ---- | M] (Initex) -- C:\Program Files (x86)\Proxifier\Proxifier.exe
PRC - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/24 15:32:10 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012/07/24 15:28:22 | 000,387,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/07/24 15:26:42 | 000,474,992 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/05/03 09:56:10 | 033,837,056 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Home\Desktop\All\ProjSkype\skype55_59_deobfuscated\skype59_patched.exe
PRC - [2012/04/17 10:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/05/05 15:05:19 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/01/30 11:23:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/12/01 09:26:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/01/07 17:11:28 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/27 23:17:49 | 000,003,584 | ---- | M] () -- C:\Users\Home\Downloads\SmitfraudFix\Policies.exe
PRC - [2008/05/24 15:02:50 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Icecast2 Win32\icecastService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/21 17:50:33 | 000,390,096 | ---- | M] () -- C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
MOD - [2013/03/21 17:50:31 | 004,050,896 | ---- | M] () -- C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
MOD - [2013/03/21 17:49:41 | 000,598,480 | ---- | M] () -- C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll
MOD - [2013/03/21 17:49:40 | 000,124,368 | ---- | M] () -- C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll
MOD - [2013/03/21 17:49:38 | 001,606,096 | ---- | M] () -- C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll
MOD - [2012/11/22 19:57:06 | 000,056,424 | ---- | M] () -- C:\Windows\SysWOW64\PrxerNsp.dll
MOD - [2012/04/05 01:14:26 | 000,469,880 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/09/14 06:13:48 | 001,437,184 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2011/09/14 06:13:04 | 002,128,384 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/26 11:37:42 | 003,622,128 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2010/12/01 09:26:38 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2010/12/01 09:26:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2010/12/01 09:26:36 | 000,375,808 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2010/12/01 09:26:36 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2010/12/01 09:26:36 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2010/12/01 09:26:35 | 002,452,992 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2010/12/01 09:26:35 | 001,008,640 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010/12/01 09:26:34 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2008/05/27 23:17:49 | 000,003,584 | ---- | M] () -- C:\Users\Home\Downloads\SmitfraudFix\Policies.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/13 01:54:06 | 000,141,464 | ---- | M] (BiniSoft.org) [Auto | Running] -- C:\Program Files\Windows Firewall Control\wfcs.exe -- (wfcs)
SRV:64bit: - [2012/06/17 02:52:14 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011/10/12 04:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 20:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2007/11/07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2013/03/12 23:36:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 01:04:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 07:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/02 17:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/25 15:23:44 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/24 15:36:22 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2012/07/24 15:32:10 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/24 15:28:22 | 000,387,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/07/24 15:26:42 | 000,474,992 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/22 22:21:25 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/09/26 12:17:16 | 009,665,536 | ---- | M] () [Auto | Stopped] -- c:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 12:06:54 | 000,021,504 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/01/30 11:23:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/24 15:02:50 | 000,417,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Icecast2 Win32\icecastService.exe -- (Icecast-trunk)
SRV - [1998/06/06 01:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/06 16:28:46 | 000,221,720 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2013/01/04 22:48:36 | 000,042,328 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/16 02:59:22 | 000,101,376 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/04 14:29:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/25 14:57:09 | 000,021,608 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cv2k1.sys -- (CV2K1)
DRV:64bit: - [2012/09/24 17:41:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/24 15:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/07/24 15:11:52 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/07/15 12:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/06/27 16:22:55 | 000,026,256 | ---- | M] (TamoSoft) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tsvp.sys -- (TsVp)
DRV:64bit: - [2012/06/17 02:52:12 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/06/04 16:16:36 | 000,067,368 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 01:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/15 12:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 14:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/04/21 15:14:04 | 000,022,120 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsvlb.sys -- (TsVlb)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:10 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loop.sys -- (msloop)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 01:47:48 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2010/01/07 17:11:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/03/14 10:08:56] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/09/14 01:21:54 | 000,002,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\LENDIG.sys -- (LENDIG)
DRV - [1998/05/07 01:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 9221036
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 9F 07 0C 59 2C CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {FA00F2F0-1C38-4D44-BE4F-42BE62E794AF}
IE - HKCU\..\SearchScopes\{4260182C-53DC-5177-430F-D0D732B41839}: "URL" = http://ib.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{65C466CC-786F-414C-AC05-DC95D5A03175}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...arcSearchScopes
IE - HKCU\..\SearchScopes\{83B5DC4E-8B4C-4CD3-A48A-5FD9F95CC34F}: "URL" = http://websearch.ask...4A-971987119EA4
IE - HKCU\..\SearchScopes\{C138E836-7A11-45FB-BFBC-6E8DA804570A}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{FA00F2F0-1C38-4D44-BE4F-42BE62E794AF}: "URL" = http://searchou.com/...f6d68bda8&r=783
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://searchou.com/...0000ff6d68bda8"
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://searchou.com/...0000ff6d68bda8"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Home\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/08/09 20:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 01:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 01:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/03/25 10:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Extensions
[2011/01/31 22:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\extensions
[2011/01/31 22:27:59 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2013/04/02 12:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\l18miaid.default\extensions
[2012/11/27 20:36:01 | 000,000,000 | ---D | M] (WindowShopper) -- C:\Users\Home\AppData\Roaming\mozilla\Firefox\Profiles\l18miaid.default\extensions\superfish@superfish.com
[2013/02/16 06:26:57 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\extensions\OneClickDownload@OneClickDownload.com.xpi
[2012/04/15 16:55:32 | 000,004,546 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\extensions\support@super-hide-ip.com.xpi
[2013/04/01 19:51:08 | 000,001,378 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\searchplugins\privitize.xml
[2013/03/08 01:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 01:04:41 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2013/03/08 01:04:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/08 00:02:24 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/06 16:37:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/24 18:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2013/02/20 06:47:14 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search The Web (privitize) (Enabled)
CHR - default_search_provider: search_url = http://searchou.com/...00000ff6d68bda8
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Home\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Home\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - Extension: Adblock Plus = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Crackle = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Abstract-Blue = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\

O1 HOSTS File: ([2013/04/02 12:23:58 | 000,444,852 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (privitize Helper Object) - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll (Industriya LLC)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Panopreter Toolbar) - {4ED07CEF-6970-48F6-A457-BC93B0C6BB46} - C:\Program Files (x86)\Panopreter Plus\IEToolbar.dll (Panopreter.com)
O3 - HKLM\..\Toolbar: (no name) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30AA252E-B1DF-4AA2-9C5E-194C67A7C623} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Clownfish] C:\Program Files (x86)\Clownfish\Clownfish.exe (Bogdan Sharkov)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Proxifier] c:\program files (x86)\proxifier\proxifier.exe (Initex)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Tango] C:\Program Files (x86)\Tango\Tango.exe -r File not found
O4 - HKCU..\Run: [uTorrent] C:\Users\Home\Downloads\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [RunOnceEx] C:\Windows\SysWow64\iernonce.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Configuring Data Access Components] C:\Windows\SysWOW64\odbcconf.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Home\Documents\Startup\Dropbox.lnk = C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with &Media Finder - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\PrxerNsp.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\PrxerDrv.dll (Initex)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freer...ller.cab?v=1054 (SonyOnlineInstallerX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} https://a248.e.akama...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D68BDA8-556C-4F96-B5C2-C69D3E49446C}: DhcpNameServer = 10.2.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78B3C496-7BF3-40B9-B0D9-216202DEA90E}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F1685DD-9669-4EBA-ADD2-120338D4DA6B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B971B5-A392-424F-85A9-FE0BFDB94422}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3EABA83-73B3-49EA-BFB3-27EA048C2BD6}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\System Files 32\winupdate.exe) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O20 - Winlogon\Notify\WB: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/06 08:16:25 | 000,000,000 | ---D | M] - E:\autorun -- [ NTFS ]
O33 - MountPoints2\{236c7d27-415a-11e1-80bb-ef95088a48f7}\Shell - "" = AutoRun
O33 - MountPoints2\{236c7d27-415a-11e1-80bb-ef95088a48f7}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{37908492-9678-11e2-ae53-cf51464323d9}\Shell - "" = AutoRun
O33 - MountPoints2\{37908492-9678-11e2-ae53-cf51464323d9}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{42092d41-063f-11e2-a3b9-b5ccdc1b4aa4}\Shell - "" = AutoRun
O33 - MountPoints2\{42092d41-063f-11e2-a3b9-b5ccdc1b4aa4}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a0a3156c-fa8a-11e1-b41c-00160f10903f}\Shell - "" = AutoRun
O33 - MountPoints2\{a0a3156c-fa8a-11e1-b41c-00160f10903f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Setup.exe
O33 - MountPoints2\{e80f1912-66db-11e1-99b7-cea52c0380ee}\Shell - "" = AutoRun
O33 - MountPoints2\{e80f1912-66db-11e1-99b7-cea52c0380ee}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\setup.hta
O33 - MountPoints2\{e80f19d5-66db-11e1-99b7-cea52c0380ee}\Shell - "" = AutoRun
O33 - MountPoints2\{e80f19d5-66db-11e1-99b7-cea52c0380ee}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e80f19d8-66db-11e1-99b7-cea52c0380ee}\Shell - "" = AutoRun
O33 - MountPoints2\{e80f19d8-66db-11e1-99b7-cea52c0380ee}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{e80f19d8-66db-11e1-99b7-cea52c0380ee}\Shell\setup\command - "" = H:\setup.exe
O33 - MountPoints2\{ef1223b6-f5d5-11e1-9821-cbb7b9ee24a6}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1223b6-f5d5-11e1-9821-cbb7b9ee24a6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/02 19:30:45 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2013/04/02 19:30:45 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2013/04/02 19:30:45 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2013/04/02 19:30:45 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2013/04/02 19:30:45 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2013/04/02 19:30:45 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2013/04/02 19:30:45 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2013/04/02 19:30:45 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2013/04/02 19:30:45 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2013/04/02 19:30:45 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2013/04/02 19:30:45 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2013/04/02 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\ElevatedDiagnostics
[2013/04/02 12:45:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/04/02 12:26:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/02 12:26:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/02 02:09:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/04/02 01:57:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\rkill
[2013/04/01 22:49:25 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine
[2013/04/01 19:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Industriya
[2013/04/01 19:50:23 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Industriya
[2013/03/31 15:22:32 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\website
[2013/03/28 18:14:25 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\dnb [bleep]
[2013/03/26 00:46:33 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Zephex
[2013/03/24 04:23:28 | 000,000,000 | ---D | C] -- C:\[bleep]
[2013/03/24 04:00:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\gnupg
[2013/03/24 04:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\GNU
[2013/03/24 03:41:39 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/03/21 22:49:15 | 000,000,000 | ---D | C] -- C:\Cookiesvampirefreaks.com
[2013/03/21 20:53:55 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\test
[2013/03/20 23:27:17 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\AESIS OpenSrc
[2013/03/20 21:34:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\VPNium
[2013/03/20 21:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNium
[2013/03/20 21:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VPNium
[2013/03/16 01:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOVE
[2013/03/16 01:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOVE
[2013/03/15 23:54:29 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\My RAT
[2013/03/15 04:58:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Process Hacker 2
[2013/03/15 04:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013/03/15 04:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013/03/15 04:56:18 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\QFX Software
[2013/03/15 04:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2013/03/15 04:56:13 | 000,221,720 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2013/03/15 04:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013/03/15 04:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyScrambler
[2013/03/15 04:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DarkComet RAT Remover
[2013/03/15 04:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhrozenSoft
[2013/03/15 04:20:01 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\darkcomet remover
[2013/03/15 00:24:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\aPjaReoYXLwYuHVDUG
[2013/03/14 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\HSSS
[2013/03/14 22:09:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\X-Chat 2
[2013/03/14 22:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XChat
[2013/03/14 22:09:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xchat
[2013/03/14 22:06:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Hotspot Shield
[2013/03/13 22:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Hide IP
[2013/03/13 22:54:35 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Super Hide IP v3.0.6.8 + Crack [broadway24™]
[2013/03/13 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\join.me
[2013/03/13 03:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 03:03:01 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/03/13 03:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 03:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 02:50:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Garena
[2013/03/09 01:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
[2013/03/09 01:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2013/03/09 00:35:11 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Massive 1.3 Sounds
[2013/03/08 01:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/06 13:53:38 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Vengeance.Essential.Dubstep.Vol.1.WAV-Samples
[2013/03/03 23:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2013/03/03 23:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/03/03 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express
[2013/03/03 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2013/03/03 23:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2013/03/03 23:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/03/03 23:02:35 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Console Biased Tools
[2013/03/03 23:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2013/03/03 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2013/03/03 22:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2012/08/07 21:45:27 | 016,956,856 | ---- | C] (PremiumSoft CyberTech Ltd. ) -- C:\Users\Home\AppData\Roaming\navicat100_mysql_en.exe
[5 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/02 19:35:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 19:34:34 | 000,003,624 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2013/04/02 19:32:45 | 000,000,035 | ---- | M] () -- C:\Users\Home\AppData\Roaming\SetValue.bat
[2013/04/02 19:32:44 | 000,000,691 | ---- | M] () -- C:\Users\Home\AppData\Roaming\GetValue.vbs
[2013/04/02 19:30:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001UA.job
[2013/04/02 19:23:29 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Home.job
[2013/04/02 19:14:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 19:14:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 19:13:01 | 002,309,838 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/02 19:13:01 | 000,681,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 19:13:01 | 000,006,672 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/02 19:09:49 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Home.job
[2013/04/02 19:09:47 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Home.job
[2013/04/02 19:09:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/02 19:05:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 19:05:38 | 3019,296,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 17:59:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/02 17:59:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/02 17:51:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/02 12:45:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/04/02 12:23:58 | 000,444,852 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/02 01:00:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001UA.job
[2013/04/02 01:00:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001Core.job
[2013/04/01 22:51:10 | 000,001,016 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130402-122357.backup
[2013/04/01 20:58:42 | 000,021,359 | ---- | M] () -- C:\Users\Home\Documents\Wolfattackrecords.png
[2013/04/01 20:58:41 | 000,000,132 | ---- | M] () -- C:\Users\Home\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/04/01 20:58:34 | 000,242,826 | ---- | M] () -- C:\Users\Home\Documents\Wolfattackrecords.psd
[2013/04/01 16:30:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001Core.job
[2013/04/01 16:02:01 | 001,275,737 | ---- | M] () -- C:\Users\Home\Desktop\839B5198-962A-448A-A7E4-BCCCE28103B9.jpg
[2013/03/29 18:42:02 | 000,002,952 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013/03/29 11:45:50 | 006,488,710 | ---- | M] () -- C:\Users\Home\Desktop\Synchronize 2.mp3
[2013/03/28 12:08:08 | 006,488,710 | ---- | M] () -- C:\Users\Home\Desktop\Synchronize.mp3
[2013/03/28 12:00:08 | 000,356,680 | ---- | M] () -- C:\Users\Home\Desktop\bassstorm.png
[2013/03/28 12:00:02 | 003,059,727 | ---- | M] () -- C:\Users\Home\Desktop\bassstorm.psd
[2013/03/26 19:54:43 | 000,001,062 | ---- | M] () -- C:\Users\Home\Documents\Startup\Dropbox.lnk
[2013/03/25 00:49:01 | 000,000,065 | ---- | M] () -- C:\Users\Home\Desktop\config.ini
[2013/03/25 00:46:13 | 000,379,655 | ---- | M] () -- C:\Users\Home\Desktop\beard.exe
[2013/03/24 03:41:39 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013/03/23 23:54:01 | 000,073,020 | ---- | M] () -- C:\Users\Home\Desktop\ANIME.psd
[2013/03/22 23:11:52 | 002,735,553 | ---- | M] () -- C:\Users\Home\Desktop\Chiefkeef.psd
[2013/03/22 21:57:33 | 003,132,550 | ---- | M] () -- C:\Users\Home\Desktop\TradgiK & SOTW 2013 DnB Mix.mp3
[2013/03/22 05:51:55 | 000,000,001 | ---- | M] () -- C:\Users\Home\random.dat
[2013/03/22 05:46:52 | 000,000,043 | ---- | M] () -- C:\Users\Home\jagex_cl_runescape_LIVE.dat
[2013/03/22 02:58:59 | 005,090,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/22 00:27:19 | 000,014,914 | ---- | M] () -- C:\Users\Home\Desktop\derp.php
[2013/03/22 00:05:18 | 000,101,416 | ---- | M] () -- C:\Users\Home\Desktop\MyriadPro-SemiboldIt.otf
[2013/03/21 15:10:50 | 000,024,779 | ---- | M] () -- C:\Users\Home\Documents\IMG_21032013_151205.png
[2013/03/21 03:00:06 | 000,059,125 | ---- | M] () -- C:\Users\Home\Documents\asian.jpg
[2013/03/21 02:36:22 | 000,001,885 | ---- | M] () -- C:\Users\Home\Desktop\Process Hacker 2.lnk
[2013/03/20 21:34:38 | 000,000,983 | ---- | M] () -- C:\Users\Home\Desktop\VPNium.lnk
[2013/03/16 01:45:14 | 000,000,955 | ---- | M] () -- C:\Users\Home\Desktop\LOVE.lnk
[2013/03/16 00:17:26 | 000,271,872 | ---- | M] (The UPX Team http://upx.sf.net) -- C:\Windows\SysWow64\upx.exe
[2013/03/16 00:02:29 | 000,235,056 | ---- | M] () -- C:\Windows\Discon.wav
[2013/03/16 00:02:29 | 000,087,600 | ---- | M] () -- C:\Windows\comp.wav
[2013/03/16 00:02:29 | 000,068,016 | ---- | M] () -- C:\Windows\Growl.wav
[2013/03/16 00:02:29 | 000,032,304 | ---- | M] () -- C:\Windows\broke.wav
[2013/03/16 00:02:28 | 002,014,348 | ---- | M] () -- C:\Windows\op.wav
[2013/03/16 00:02:28 | 000,412,672 | ---- | M] (JB) -- C:\Windows\SysWow64\vbskpro.ocx
[2013/03/15 04:20:39 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2013/03/14 23:18:40 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/03/14 22:09:35 | 000,001,833 | ---- | M] () -- C:\Users\Home\Desktop\XChat.lnk
[2013/03/13 22:54:54 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2013/03/13 22:23:40 | 000,001,061 | ---- | M] () -- C:\Users\Home\Desktop\join.me.lnk
[2013/03/13 18:17:03 | 000,000,142 | ---- | M] () -- C:\Users\Home\Desktop\SkypeProxySettings.reg
[2013/03/12 21:09:53 | 000,000,137 | ---- | M] () -- C:\Users\Home\Desktop\SkypeRemoveProxy.reg
[2013/03/10 03:44:40 | 000,000,000 | ---- | M] () -- C:\Users\Home\Documents\ts3_clientui-win32-1351504843-2013-03-10 03_44_40.133000.dmp
[2013/03/09 01:56:11 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Massive.lnk
[2013/03/09 01:55:08 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk
[2013/03/03 22:54:57 | 000,207,766 | ---- | M] () -- C:\Users\Home\AppData\Local\debuggee.mdmp
[5 C:\Users\Home\*.tmp files -> C:\Users\Home\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/02 19:32:45 | 000,000,035 | ---- | C] () -- C:\Users\Home\AppData\Roaming\SetValue.bat
[2013/04/02 19:32:44 | 000,000,691 | ---- | C] () -- C:\Users\Home\AppData\Roaming\GetValue.vbs
[2013/04/02 19:31:02 | 000,003,624 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2013/04/02 19:30:45 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2013/04/02 19:30:45 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2013/04/02 19:30:45 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2013/04/02 19:09:46 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Home.job
[2013/04/02 19:09:43 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Home.job
[2013/04/02 19:09:40 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Home.job
[2013/04/02 17:59:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/02 17:59:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/02 17:44:14 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2013/04/02 17:44:14 | 000,000,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2013/04/01 20:58:39 | 000,021,359 | ---- | C] () -- C:\Users\Home\Documents\Wolfattackrecords.png
[2013/04/01 20:58:33 | 000,242,826 | ---- | C] () -- C:\Users\Home\Documents\Wolfattackrecords.psd
[2013/04/01 15:29:19 | 001,275,737 | ---- | C] () -- C:\Users\Home\Desktop\839B5198-962A-448A-A7E4-BCCCE28103B9.jpg
[2013/03/29 11:43:55 | 006,488,710 | ---- | C] () -- C:\Users\Home\Desktop\Synchronize 2.mp3
[2013/03/28 12:00:06 | 000,356,680 | ---- | C] () -- C:\Users\Home\Desktop\bassstorm.png
[2013/03/28 12:00:01 | 003,059,727 | ---- | C] () -- C:\Users\Home\Desktop\bassstorm.psd
[2013/03/28 11:51:32 | 006,488,710 | ---- | C] () -- C:\Users\Home\Desktop\Synchronize.mp3
[2013/03/25 00:49:01 | 000,000,065 | ---- | C] () -- C:\Users\Home\Desktop\config.ini
[2013/03/25 00:43:03 | 000,379,655 | ---- | C] () -- C:\Users\Home\Desktop\beard.exe
[2013/03/23 23:54:00 | 000,073,020 | ---- | C] () -- C:\Users\Home\Desktop\ANIME.psd
[2013/03/22 21:57:00 | 003,132,550 | ---- | C] () -- C:\Users\Home\Desktop\TradgiK & SOTW 2013 DnB Mix.mp3
[2013/03/22 00:27:14 | 000,014,914 | ---- | C] () -- C:\Users\Home\Desktop\derp.php
[2013/03/22 00:09:48 | 002,735,553 | ---- | C] () -- C:\Users\Home\Desktop\Chiefkeef.psd
[2013/03/22 00:05:09 | 000,101,416 | ---- | C] () -- C:\Users\Home\Desktop\MyriadPro-SemiboldIt.otf
[2013/03/21 15:10:34 | 000,024,779 | ---- | C] () -- C:\Users\Home\Documents\IMG_21032013_151205.png
[2013/03/21 02:59:31 | 000,059,125 | ---- | C] () -- C:\Users\Home\Documents\asian.jpg
[2013/03/20 21:34:38 | 000,000,983 | ---- | C] () -- C:\Users\Home\Desktop\VPNium.lnk
[2013/03/16 01:45:14 | 000,000,955 | ---- | C] () -- C:\Users\Home\Desktop\LOVE.lnk
[2013/03/15 04:57:27 | 000,001,885 | ---- | C] () -- C:\Users\Home\Desktop\Process Hacker 2.lnk
[2013/03/15 04:20:39 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\DarkComet Remover.lnk
[2013/03/14 22:09:35 | 000,001,833 | ---- | C] () -- C:\Users\Home\Desktop\XChat.lnk
[2013/03/13 22:54:54 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2013/03/13 22:23:40 | 000,001,061 | ---- | C] () -- C:\Users\Home\Desktop\join.me.lnk
[2013/03/12 21:09:43 | 000,000,137 | ---- | C] () -- C:\Users\Home\Desktop\SkypeRemoveProxy.reg
[2013/03/10 03:44:40 | 000,000,000 | ---- | C] () -- C:\Users\Home\Documents\ts3_clientui-win32-1351504843-2013-03-10 03_44_40.133000.dmp
[2013/03/09 01:56:11 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Massive.lnk
[2013/03/09 01:55:08 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk
[2013/03/03 22:54:47 | 000,207,766 | ---- | C] () -- C:\Users\Home\AppData\Local\debuggee.mdmp
[2013/02/21 20:30:47 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll
[2012/12/21 17:30:03 | 000,000,041 | ---- | C] () -- C:\Users\Home\matrix_cl_zenith_LIVE.dat
[2012/12/19 23:18:12 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/14 19:04:17 | 000,000,000 | ---- | C] () -- C:\Users\Home\Paradox_runescape_preferences.dat
[2012/12/09 23:49:52 | 000,581,642 | ---- | C] () -- C:\Users\Home\AppData\Roaming\technic-launcher.jar
[2012/11/30 18:20:02 | 000,000,631 | ---- | C] () -- C:\Users\Home\openvpn-connect.json
[2012/11/25 23:05:34 | 000,000,043 | ---- | C] () -- C:\Users\Home\jagex_cl_runescape_LIVE.dat
[2012/11/17 14:07:16 | 000,000,113 | ---- | C] () -- C:\Windows\SysWow64\SVG Drawer.ini
[2012/10/16 21:57:20 | 000,000,045 | ---- | C] () -- C:\Users\Home\jagex_cl_loginapplet_LIVE.dat
[2012/10/16 21:57:20 | 000,000,001 | ---- | C] () -- C:\Users\Home\random.dat
[2012/10/11 16:00:28 | 000,000,000 | ---- | C] () -- C:\Users\Home\jagex__preferences3.dat
[2012/10/11 16:00:25 | 000,000,099 | ---- | C] () -- C:\Users\Home\jagex_Runescape_preferences2.dat
[2012/10/11 16:00:08 | 000,000,046 | ---- | C] () -- C:\Users\Home\jagex_Runescape_preferences.dat
[2012/10/03 20:55:01 | 000,000,159 | ---- | C] () -- C:\Users\Home\AppData\Roaming\net.telestream.producer.xml
[2012/09/26 19:41:40 | 000,601,088 | ---- | C] () -- C:\Users\Home\AppData\Roaming\SharedSettings.ccs
[2012/09/26 18:40:19 | 000,000,104 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2012/07/15 00:28:54 | 000,000,171 | ---- | C] () -- C:\Windows\icecast2.ini
[2012/07/10 08:17:29 | 000,002,952 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/07/07 13:08:33 | 000,001,263 | ---- | C] () -- C:\Program Files (x86)\Spybot - Search & Destroy - Shortcut.lnk
[2012/06/17 19:40:44 | 000,001,456 | ---- | C] () -- C:\Users\Home\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/17 19:28:35 | 000,000,132 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2012/06/10 05:25:15 | 000,000,132 | ---- | C] () -- C:\Users\Home\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2012/05/10 19:23:04 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\minimp3.exe
[2012/04/22 15:29:52 | 000,000,091 | ---- | C] () -- C:\Users\Home\AppData\Local\NWUserDefault.ini
[2012/04/11 23:34:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/04/02 17:04:39 | 000,000,185 | ---- | C] () -- C:\Windows\mdm.ini
[2012/04/02 17:04:33 | 000,000,760 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/02 17:04:33 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/02 15:52:33 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2012/03/25 10:24:56 | 000,005,890 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/11 12:44:08 | 000,006,656 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/11 11:59:45 | 000,000,600 | ---- | C] () -- C:\Users\Home\AppData\Local\PUTTY.RND
[2012/03/07 20:37:13 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/03/06 23:22:22 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/03/06 23:22:21 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/03/06 23:22:21 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/03/06 16:59:24 | 000,077,517 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/01/31 22:38:05 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
[2012/01/30 21:26:09 | 000,001,806 | ---- | C] () -- C:\Windows\TSearch.INI
[2012/01/03 22:04:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/01/01 11:57:51 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{C906B360-2338-4A7F-BBF7-13DE2F40B573}
[2011/12/29 17:58:09 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2011/10/14 21:32:55 | 000,221,179 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/09 19:47:29 | 000,012,794 | --S- | C] () -- C:\Users\Home\AppData\Local\4kevyrk2a6v3ct6no2nj87x5vb840rrg23v3b5q10dw6tw
[2011/08/09 19:47:29 | 000,012,794 | --S- | C] () -- C:\ProgramData\4kevyrk2a6v3ct6no2nj87x5vb840rrg23v3b5q10dw6tw
[2011/06/29 19:03:02 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/09 11:31:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/18 21:29:50 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/30 21:54:10 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2010/03/21 14:29:48 | 000,007,602 | ---- | C] () -- C:\Users\Home\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/27 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.3.14
[2012/03/17 21:55:30 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.Epsilon
[2013/04/01 17:49:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.minecraft
[2012/06/06 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.spoutcraft
[2012/12/11 18:54:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\.techniclauncher
[2012/04/13 11:48:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ableton
[2013/03/15 00:24:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\aPjaReoYXLwYuHVDUG
[2013/02/22 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Audacity
[2013/02/16 06:18:10 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AutoHideIP
[2011/01/30 11:06:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG10
[2011/11/09 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Azureus
[2011/02/20 14:52:08 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Barnes & Noble
[2012/07/11 03:04:33 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Bertware
[2012/08/13 00:02:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Cobalt
[2013/02/16 23:27:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/03/24 00:10:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Lite
[2012/06/24 05:52:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DAEMON Tools Pro
[2012/07/11 22:34:01 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Deckadance16
[2013/04/02 19:11:45 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Dropbox
[2011/08/05 15:23:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ESET
[2013/03/31 15:27:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\FileZilla
[2011/12/25 21:36:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GameRanger
[2012/12/04 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\GetRight
[2013/03/24 04:02:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\gnupg
[2011/10/17 07:27:04 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\go
[2012/08/14 01:54:20 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\gtk-2.0
[2013/03/14 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Hotspot Shield
[2012/07/18 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\IcoFX2X
[2012/03/03 13:16:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Image-Line
[2013/04/01 19:50:23 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Industriya
[2012/12/11 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\logs
[2012/04/11 17:07:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ManyCam
[2012/07/13 07:04:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Minecraft
[2011/04/29 10:36:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Mumble
[2012/07/08 00:04:09 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\MySQL
[2012/05/02 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Notepad++
[2013/02/11 20:29:11 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ohm Force
[2011/06/25 16:38:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Philipp Winterberg
[2013/01/02 17:05:57 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PrivateTunnel
[2013/03/15 04:58:38 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Process Hacker 2
[2013/02/21 20:30:53 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Proxifier
[2013/03/15 04:56:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\QFX Software
[2013/02/13 22:54:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\RobotSoft
[2012/06/30 20:35:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Screaming Bee
[2013/02/25 03:57:07 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Soldat
[2012/11/15 00:50:39 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Spadille
[2012/07/10 14:40:59 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/03/03 14:16:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Stardock
[2012/03/13 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Steinberg
[2012/10/13 02:19:19 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Subversion
[2012/04/13 17:29:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SuperHideIP
[2012/03/02 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\SynthMaker
[2012/10/12 01:16:18 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Tangible Software Solutions Inc
[2013/03/10 02:30:37 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TeamViewer
[2013/03/24 00:10:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TS3Client
[2012/09/25 22:53:56 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Tunngle
[2012/10/03 20:55:06 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Ustream Producer
[2013/04/01 21:34:35 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\uTorrent
[2011/04/03 13:12:51 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WhiteSmoke
[2012/08/07 15:39:57 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\wsInspector
[2013/03/15 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:AFC66739

< End of report >

#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Asentrik

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Aware
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft VM for Java
JavaFX 2.1.1
JavaFX 2.1.1 SDK
Java™ 7 Update 5
Java™ SE Development Kit 6 Update 21
Java™ SE Development Kit 7 Update 2
Java SE Development Kit 7 Update 5
Visual Studio Extensions for Windows Library for JavaScript
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox (19.0.2)
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.43
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
# AdwCleaner v2.200 - Logfile created 04/02/2013 at 21:49:05
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - TOUCH-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Home\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Home\AppData\Local\APN
Folder Deleted : C:\Users\Home\AppData\Local\PackageAware
Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\l18miaid.default\jetpack
Folder Deleted : C:\Users\Splaph-PC\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Splaph-PC\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\XfireXO
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\FCSB000062385
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\Software\XfireXO
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\l18miaid.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22/**/%22");
Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]

File : C:\Users\Splaph-PC\AppData\Roaming\Mozilla\Firefox\Profiles\pbho1057.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [418 octets] - [02/04/2013 12:25:22]
AdwCleaner[S1].txt - [341 octets] - [02/04/2013 21:46:54]
AdwCleaner[S2].txt - [20492 octets] - [02/04/2013 21:49:05]

########## EOF - C:\AdwCleaner[S2].txt - [20553 octets] ##########

#5
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Remove -- Date : 04/02/2013 22:02:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4574 : wscript.exe C:\Users\Home\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] Updater21804.exe : C:\Users\Home\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [x] -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD502IJ SCSI Disk Device +++++
--- User ---
[MBR] 5c0e84bfa4a3cc814e6f8ce6cb497185
[BSP] 4a91582a53e97278bb1754051a00314f : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 324195 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 664160254 | Size: 152642 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[7]_D_04022013_02d2202.txt >>
RKreport[1]_S_04012013_02d2251.txt ; RKreport[2]_H_04012013_02d2251.txt ; RKreport[3]_PR_04012013_02d2251.txt ; RKreport[4]_DN_04012013_02d2251.txt ; RKreport[5]_SC_04012013_02d2300.txt ;
RKreport[6]_S_04022013_02d2200.txt ; RKreport[7]_D_04022013_02d2202.txt
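A defender-side check, added here as an editorial example; it is not code from this thread, from RogueKiller or from AdwCleaner. The RogueKiller report above and the AdwCleaner log in post #4 together show which settings were tampered with on this machine: UAC switched off (EnableLUA and ConsentPromptBehaviorAdmin set to 0), datamngr.dll and IEBHO.dll loaded into every process through AppInit_DLLs, and an Internet Explorer proxy entry left for ProxyFix. The script below reads those values and the hosts file and reports which are still in the weak state; it changes nothing. The full registry paths are an assumption based on the standard Windows locations (the report abbreviates them as HKLM\[...]\System and HKLM\..\Windows), and it is meant to run in an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example (not from this thread, RogueKiller or AdwCleaner): a read-only audit of
# the settings the RogueKiller and AdwCleaner reports above show were hijacked.
# Run from an elevated PowerShell prompt. Nothing is written; it only reports.

function Test-RegistrySetting {
    param(
        [string]$Path,        # full registry key (assumed standard locations; the report abbreviates them)
        [string]$Name,        # value name
        [scriptblock]$IsOk,   # predicate over the current value; $null means the value is absent
        [string]$Why          # what a bad value means, taken from the findings in the reports
    )
    $item  = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $value = if ($null -ne $item) { $item.$Name } else { $null }
    New-Object PSObject -Property @{
        Setting = $Name
        Path    = $Path
        Current = $value
        Ok      = [bool](& $IsOk $value)
        Why     = $Why
    }
}

$policy  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$winNT   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$winNT32 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
$inet    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

$results = @(
    Test-RegistrySetting $policy 'EnableLUA' { param($v) $v -eq 1 } 'UAC switched off (report: EnableLUA (0) -> REPLACED (1))'
    Test-RegistrySetting $policy 'ConsentPromptBehaviorAdmin' { param($v) ($null -ne $v) -and ($v -ne 0) } '0 = elevate silently with no prompt (report: (0) -> REPLACED (2))'
    Test-RegistrySetting $winNT 'AppInit_DLLs' { param($v) -not "$v".Trim() } 'DLLs listed here load into every process that uses user32.dll (report: datamngr.dll, IEBHO.dll)'
    Test-RegistrySetting $winNT32 'AppInit_DLLs' { param($v) -not "$v".Trim() } '32-bit view of the same key'
    Test-RegistrySetting $winNT 'LoadAppInit_DLLs' { param($v) ($null -eq $v) -or ($v -eq 0) } '1 turns AppInit_DLLs injection on at all'
    Test-RegistrySetting $inet 'ProxyEnable' { param($v) ($null -eq $v) -or ($v -eq 0) } 'a forced proxy can redirect all browser traffic (report: ProxyServer left for ProxyFix)'
)

# Hosts file: a blocking list such as the MVPS one on this machine only ever maps names to
# 127.0.0.1 or 0.0.0.0. Any other target address is a redirection that deserves a look.
$loopback  = @('127.0.0.1', '0.0.0.0', '::1')
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$redirects = Get-Content $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -split '#')[0].Trim() } |                       # drop comments and whitespace
    Where-Object { $_ -match '^(\S+)\s+(\S+)' -and ($loopback -notcontains $Matches[1]) }

$results | Format-Table Setting, Current, Ok, Why -AutoSize
if ($redirects) {
    Write-Output 'hosts entries that do not point at loopback:'
    $redirects
} else {
    Write-Output 'hosts file: every entry points at loopback'
}
```

Anything reported with Ok = False is in the same state the reports show was set by the infection; the script deliberately does not reset them, since the value a clean machine should have depends on the Windows version and the user's own policy (RogueKiller, for example, restored ConsentPromptBehaviorAdmin to 2, while the Windows 7 default is 5).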

#6
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
I've also yet to mention that svchost.exe is acting strange, and so is cssrs.exe.
---ALSO---
I can't open Windows Firewall; it gives me this error below.
"Windows Firewall can't change some of your settings. Error code 0x8007042c"

Edited by Asentrik, 02 April 2013 - 09:25 PM.


#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Asentrik

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
Hello Gringo, I scanned at first and everything was okay. I did a reboot; it had trouble rebooting, so I held the button down and tried again. It booted, then ComboFix came up and finished. It gave me the log, but I lost it due to it saying c:\windows\explorer.exe or anything I tried to pull up to save the text was marked for deletion. After I had logged in a minute ago, Spybot came up with over 20 different changes to the computer and asked me to accept or decline; I declined most of them, due to the unknown process.

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Asentrik

I would like to see the report, so let's see if we can find the report this way.

Extra ComboFix Report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box:
C:\ComboFix.txt
  • Click OK.
  • Copy and paste the report into this topic for me to review.

Gringo

#10
Asentrik

    Member

  • Topic Starter
  • Member
  • 19 posts
ComboFix 13-04-02.01 - Home 04/03/2013 14:43:20.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2116 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110311.txt
c:\cflog\CrashLog_20110313.txt
c:\cflog\CrashLog_20110316.txt
c:\cflog\CrashLog_20110317.txt
c:\cflog\CrashLog_20110321.txt
c:\cflog\CrashLog_20110323.txt
c:\cflog\CrashLog_20110329.txt
c:\cflog\CrashLog_20110405.txt
c:\cflog\CrashLog_20110406.txt
c:\cflog\CrashLog_20110408.txt
c:\cflog\CrashLog_20110413.txt
c:\cflog\CrashLog_20110414.txt
c:\cflog\CrashLog_20110415.txt
c:\cflog\CrashLog_20110417.txt
c:\cflog\CrashLog_20110425.txt
c:\cflog\CrashLog_20110703.txt
c:\cflog\CrashLog_20111116.txt
c:\cflog\CrashLog_20111129.txt
c:\cflog\CrashLog_20111208.txt
C:\install.exe
c:\users\Home\AppData\Local\assembly\tmp
c:\users\Home\AppData\Roaming\GetValue.vbs
c:\users\Home\FAP3BE2.tmp
c:\users\Home\FAPCCFD.tmp
c:\users\Home\FAPD22E.tmp
c:\users\Home\FAPFA0C.tmp
c:\users\Home\FAPFA8B.tmp
c:\windows\system\VI30AUT.DLL
c:\windows\SysWow64\html
c:\windows\SysWow64\images
c:\windows\SysWow64\System Files 32
.
.
((((((((((((((((((((((((( Files Created from 2013-03-03 to 2013-04-03 )))))))))))))))))))))))))))))))
.
.
2013-04-03 19:54 . 2013-04-03 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-03 19:54 . 2013-04-03 19:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-03 19:54 . 2013-04-03 19:54 -------- d-----w- c:\users\Splaph-PC\AppData\Local\temp
2013-04-03 00:32 . 2013-04-03 00:32 35 ----a-w- c:\users\Home\AppData\Roaming\SetValue.bat
2013-04-03 00:31 . 2013-04-03 00:34 3624 ----a-w- c:\windows\SysWow64\tmp.reg
2013-04-03 00:30 . 2009-06-02 16:17 75776 ----a-w- c:\windows\SysWow64\WS2Fix.exe
2013-04-03 00:30 . 2008-12-12 06:57 78336 ----a-w- c:\windows\SysWow64\Agent.OMZ.Fix.exe
2013-04-03 00:30 . 2008-11-29 23:58 82944 ----a-w- c:\windows\SysWow64\IEDFix.C.exe
2013-04-03 00:30 . 2008-10-01 20:51 87552 ----a-w- c:\windows\SysWow64\VACFix.exe
2013-04-03 00:30 . 2008-09-20 17:45 80384 ----a-w- c:\windows\SysWow64\o4Patch.exe
2013-04-03 00:30 . 2008-08-18 17:19 82432 ----a-w- c:\windows\SysWow64\404Fix.exe
2013-04-03 00:30 . 2008-05-19 02:40 82944 ----a-w- c:\windows\SysWow64\IEDFix.exe
2013-04-03 00:30 . 2007-09-06 05:22 289144 ----a-w- c:\windows\SysWow64\VCCLSID.exe
2013-04-03 00:30 . 2006-04-27 22:49 288417 ----a-w- c:\windows\SysWow64\SrchSTS.exe
2013-04-03 00:30 . 2004-07-31 23:50 51200 ----a-w- c:\windows\SysWow64\dumphive.exe
2013-04-03 00:30 . 2003-06-06 02:13 53248 ----a-w- c:\windows\SysWow64\Process.exe
2013-04-02 22:57 . 2013-04-02 22:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 18:12 . 2013-04-02 18:12 -------- d-----w- c:\users\Home\AppData\Local\ElevatedDiagnostics
2013-04-02 17:26 . 2013-04-02 17:26 -------- d-----w- c:\windows\ERUNT
2013-04-02 17:26 . 2013-04-02 17:26 -------- d-----w- C:\JRT
2013-04-02 07:09 . 2013-04-02 23:00 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-02 00:50 . 2013-04-02 00:50 -------- d-----w- c:\program files (x86)\Industriya
2013-04-02 00:50 . 2013-04-02 00:50 -------- d-----w- c:\users\Home\AppData\Roaming\Industriya
2013-03-29 08:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-03-24 09:23 . 2013-03-24 09:27 -------- d-----w- C:\[bleep]
2013-03-24 09:00 . 2013-03-24 09:02 -------- d-----w- c:\users\Home\AppData\Roaming\gnupg
2013-03-24 09:00 . 2013-03-24 09:00 -------- d-----w- c:\programdata\GNU
2013-03-24 08:41 . 2013-03-24 08:41 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-03-22 03:49 . 2013-03-22 10:57 -------- d-----w- C:\Cookiesvampirefreaks.com
2013-03-21 02:34 . 2013-03-21 02:34 -------- d-----w- c:\users\Home\AppData\Local\VPNium
2013-03-21 02:34 . 2013-04-02 22:48 -------- d-----w- c:\program files (x86)\VPNium
2013-03-20 22:02 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 06:45 . 2013-03-16 06:45 -------- d-----w- c:\program files (x86)\LOVE
2013-03-15 09:58 . 2013-03-15 09:58 -------- d-----w- c:\users\Home\AppData\Roaming\Process Hacker 2
2013-03-15 09:57 . 2013-03-15 09:57 -------- d-----w- c:\program files\Process Hacker 2
2013-03-15 09:56 . 2013-03-15 09:56 -------- d-----w- c:\users\Home\AppData\Roaming\QFX Software
2013-03-15 09:56 . 2013-03-15 09:56 -------- d-----w- c:\programdata\QFX Software
2013-03-15 09:56 . 2013-02-06 21:28 221720 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2013-03-15 09:56 . 2013-03-15 09:56 -------- d-----w- c:\program files (x86)\KeyScrambler
2013-03-15 09:20 . 2013-03-15 09:20 -------- d-----w- c:\program files (x86)\PhrozenSoft
2013-03-15 05:24 . 2013-03-15 05:24 -------- d-----w- c:\users\Home\AppData\Roaming\aPjaReoYXLwYuHVDUG
2013-03-15 03:09 . 2013-03-16 02:40 -------- d-----w- c:\users\Home\AppData\Roaming\X-Chat 2
2013-03-15 03:09 . 2013-03-15 03:09 -------- d-----w- c:\program files (x86)\xchat
2013-03-15 03:06 . 2013-03-15 03:06 -------- d-----w- c:\users\Home\AppData\Roaming\Hotspot Shield
2013-03-14 03:23 . 2013-04-03 01:35 -------- d-----w- c:\users\Home\AppData\Local\join.me
2013-03-13 08:03 . 2013-03-13 08:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-03-13 08:02 . 2013-03-13 08:02 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 08:02 . 2013-03-13 08:02 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-12 07:50 . 2013-03-12 07:50 -------- d-----w- c:\users\Home\AppData\Local\Garena
2013-03-09 06:56 . 2013-03-09 06:56 -------- dc----w- c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2013-03-09 06:55 . 2013-03-09 06:55 -------- dc----w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2013-03-09 01:19 . 2013-03-09 01:19 -------- d-----w- c:\users\Splaph-PC\AppData\Roaming\DAEMON Tools Lite
2013-03-09 01:18 . 2013-03-09 01:18 -------- d-----w- c:\users\Splaph-PC\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 05:17 . 2012-07-09 04:46 271872 ----a-w- c:\windows\SysWow64\upx.exe
2013-03-16 05:02 . 2012-07-09 04:42 412672 ----a-w- c:\windows\SysWow64\vbskpro.ocx
2013-03-13 08:06 . 2009-12-24 19:19 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 04:36 . 2012-06-15 12:32 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 04:36 . 2011-10-04 12:32 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-05 09:06 . 2012-06-30 04:32 2562208 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-03-04 05:32 . 2012-06-29 06:18 2479136 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-02-12 05:45 . 2013-03-13 02:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 02:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 02:33 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 02:33 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 02:33 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 02:33 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 13:47 . 2013-02-10 13:47 120976 ----a-w- c:\windows\system32\KeyScramblerLogon.dll
2013-01-17 06:28 . 2009-12-24 17:49 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-12 01:12 . 2013-01-12 01:12 35840 ----a-w- c:\windows\SysWow64\comdlg32.oca
2013-01-09 02:02 . 2013-01-09 02:02 267776 ----a-w- c:\windows\SysWow64\Mscomctl.oca
2013-01-09 01:58 . 2013-01-09 01:58 240128 ----a-w- c:\windows\SysWow64\comctl32.oca
2013-01-09 01:58 . 2013-01-09 01:58 64000 ----a-w- c:\windows\SysWow64\RICHTX32.oca
2013-01-09 01:46 . 2013-01-09 01:46 22016 ----a-w- c:\windows\SysWow64\Mswinsck.oca
2013-01-05 05:53 . 2013-02-13 01:16 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 01:16 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 01:16 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-05 03:48 . 2013-01-05 03:48 42328 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-04 05:46 . 2013-02-13 01:01 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 01:01 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 01:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 01:09 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 01:01 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 01:01 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 01:01 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 01:01 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]
2013-03-25 15:14 251288 ----a-w- c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{4ED07CEF-6970-48F6-A457-BC93B0C6BB46}"= "c:\program files (x86)\Panopreter Plus\IEToolbar.dll" [2011-01-04 1658880]
.
[HKEY_CLASSES_ROOT\clsid\{4ed07cef-6970-48f6-a457-bc93b0c6bb46}]
[HKEY_CLASSES_ROOT\IEToolbar.StockBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{C0C9EB39-D9A2-4121-9605-309E28D80F55}]
[HKEY_CLASSES_ROOT\IEToolbar.StockBar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2013-01-21 1251064]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\users\Home\Downloads\uTorrent.exe" [2012-06-10 880528]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-15 1597864]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-06-17 694032]
"Proxifier"="c:\program files (x86)\proxifier\proxifier.exe" [2012-11-21 4074600]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-02-10 534160]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-05-05 1306]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
.
c:\users\Home\Documents\Startup\
Dropbox.lnk - c:\users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2011-2-2 738968]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-6-4 6271376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"NoControlPanel"="0"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\Home\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2012-09-25 21608]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LENDIG;LENDIG;c:\windows\LENDIG.sys [2006-09-14 2240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-09-25 743320]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1255736]
R3 X6va003;X6va003;c:\users\Home\AppData\Local\Temp\0031B0E.tmp [x]
R3 X6va005;X6va005;c:\users\Home\AppData\Local\Temp\005C7E1.tmp [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-06-05 28192]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-10-04 834544]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-24 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2012-06-27 26256]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/03/14 10:08];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-01-07 22:11 146928]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-07-24 474992]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-07-24 387440]
S2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files (x86)\Icecast2 Win32\icecastService.exe [2008-05-24 417792]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-10-12 5739008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
S2 wfcs;Windows Firewall Control Service;c:\program files\Windows Firewall Control\wfcs.exe [2012-08-13 141464]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-12-16 101376]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2013-02-06 221720]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-05 42328]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 04:36]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:10]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-03 13:10]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001Core.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 19:18]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3394970204-3036101845-2700764691-1001UA.job
- c:\users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 19:18]
.
2013-04-03 c:\windows\Tasks\ReclaimerUpdateFiles_Home.job
- c:\users\Home\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-02 22:47]
.
2013-04-03 c:\windows\Tasks\ReclaimerUpdateXML_Home.job
- c:\users\Home\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-02 22:47]
.
2013-04-03 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Home.job
- c:\users\Home\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-04-02 22:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Home\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-06-04 21:17 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with &Media Finder
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{78B3C496-7BF3-40B9-B0D9-216202DEA90E}: NameServer = 8.8.8.8
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\l18miaid.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=287e896100000000000000ff6d68bda8
FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=287e896100000000000000ff6d68bda8
FF - ExtSQL: 2013-02-20 18:11; afurladvisor@anchorfree.com; c:\program files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Tango - c:\program files (x86)\Tango\Tango.exe
Wow6432Node-HKCU-Run-Skype - c:\program files (x86)\Skype\Phone\Skype.exe
Wow6432Node-HKLM-Run-RoxWatchTray - c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
Wow6432Node-HKLM-Run-avast - c:\program files\AVAST Software\Avast\avastUI.exe
Wow6432Node-HKLM-Run-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
Notify-WB - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{30AA252E-B1DF-4AA2-9C5E-194C67A7C623} - (no file)
WebBrowser-{51FCF544-34E1-47E6-B661-FBC5280C2E74} - (no file)
AddRemove-Coupon Companion Plugin - c:\program files (x86)\Coupon Companion Plugin\Uninstall.exe
AddRemove-FL Studio 10 - c:\program files (x86)\Image-Line\FL Studio 10\uninstall.exe
AddRemove-GetSavin - c:\users\Home\AppData\Local\getsavin\uninst.exe
AddRemove-IL Download Manager - c:\program files (x86)\Image-Line\Downloader\uninstall.exe
AddRemove-SP_008a99b9 - c:\program files (x86)\MagniPic\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Home\AppData\Local\Temp\0031B0E.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Home\AppData\Local\Temp\005C7E1.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,ba,d1,3f,45,44,cd,01
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3394970204-3036101845-2700764691-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\notepad++.exe"
.
[HKEY_USERS\S-1-5-21-3394970204-3036101845-2700764691-1001\Software\SecuROM\License information*]
"datasecu"=hex:d8,5a,ef,c5,ff,a9,ec,92,f6,13,a1,c6,f3,98,91,b7,ca,54,62,b8,68,
ed,b9,17,fd,39,09,02,bf,12,4d,8a,65,5d,a8,1a,5b,dc,2d,43,55,2b,2c,0f,a4,cd,\
"rkeysecu"=hex:a8,a4,38,57,17,6e,d3,d2,ff,ed,ef,f5,73,3a,50,41
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-04-03 15:07:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-03 20:07
.
Pre-Run: 7,672,901,632 bytes free
Post-Run: 7,059,812,352 bytes free
.
- - End Of File - - 2D84F9C6E338B153E611E4F76CF08715
  • 0


#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Asentrik,

After each step, please give me a status update so I have an idea of how things are going.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

When you are finished, please send me both reports.

Gringo
  • 0

#12
Asentrik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Home on Wed 04/03/2013 at 22:48:42.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{4ed07cef-6970-48f6-a457-bc93b0c6bb46}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{5911488e-9d1e-40ec-8cbb-06b231cc153f}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{9d425283-d487-4337-bab6-ab8354a81457}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\download with &media finder
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1acb5abe-4890-4747-952c-f13bdb93fb75}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1acb5abe-4890-4747-952c-f13bdb93fb75}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{4ed07cef-6970-48f6-a457-bc93b0c6bb46}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c138e836-7a11-45fb-bfbc-6e8da804570a}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{fa00f2f0-1c38-4d44-be4f-42be62e794af}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{83b5dc4e-8b4c-4cd3-a48a-5fd9f95cc34f}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Home\AppData\Roaming\industriya"
Successfully deleted: [Folder] "C:\Users\Home\appdata\locallow\industriya"
Successfully deleted: [Folder] "C:\Program Files (x86)\industriya"
Successfully deleted: [Folder] "C:\Program Files (x86)\panopreter plus"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\privatesearch.xml"
Successfully deleted: [File] C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\searchplugins\privitize.xml
Successfully deleted: [Folder] C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\extensions\superfish@superfish.com
Successfully deleted the following from C:\Users\Home\AppData\Roaming\mozilla\firefox\profiles\l18miaid.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://searchou.com/?id=287e896100000000000000ff6d68bda8");
user_pref("keyword.URL", "hxxp://searchou.com/?q={searchTerms}&id=287e896100000000000000ff6d68bda8");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/03/2013 at 23:00:46.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Did you run the second scan, and how are things doing now?


gringo
  • 0

#14
Asentrik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-03 23:41:25
-----------------------------
23:41:25.248 OS Version: Windows x64 6.1.7601 Service Pack 1
23:41:25.248 Number of processors: 4 586 0x170A
23:41:25.249 ComputerName: TOUCH-PC UserName: Home
23:41:29.045 Initialize success
00:04:17.872 AVAST engine defs: 13040301
00:07:53.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000008f
00:07:53.795 Disk 0 Vendor: SAMSUNG_ 1AA0 Size: 476940MB BusType: 3
00:07:53.807 Disk 0 MBR read successfully
00:07:53.809 Disk 0 MBR scan
00:07:53.813 Disk 0 unknown MBR code
00:07:53.822 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:07:53.833 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 324195 MB offset 206848
00:07:53.838 Disk 0 Partition - 00 05 Extended 152642 MB offset 664160254
00:07:53.858 Disk 0 Partition 3 00 83 Linux 148804 MB offset 664160256
00:07:53.863 Disk 0 Partition - 00 05 Extended 3837 MB offset 968912280
00:07:53.910 Disk 0 scanning C:\Windows\system32\drivers
00:08:03.933 Service scanning
00:08:29.725 Modules scanning
00:08:29.726 Disk 0 trace - called modules:
00:08:29.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80043dd2c0]<<spgk.sys storport.sys hal.dll nvstor64.sys
00:08:29.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004766060]
00:08:29.735 3 CLASSPNP.SYS[fffff88001b6d43f] -> nt!IofCallDriver -> [0xfffffa80044bbe40]
00:08:29.735 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\0000008f[0xfffffa80044bc060]
00:08:29.735 \Driver\nvstor64[0xfffffa8004493570] -> IRP_MJ_CREATE -> 0xfffffa80043dd2c0
00:08:31.253 AVAST engine scan C:\Windows
00:08:35.945 AVAST engine scan C:\Windows\system32
00:14:49.100 AVAST engine scan C:\Windows\system32\drivers
00:15:01.731 AVAST engine scan C:\Users\Home
00:23:37.819 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
00:23:37.828 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
  • 0

#15
Asentrik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'd also like to mention that I have dual-booted Linux Mint on my hard drive.
  • 0