Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Free Ride Malware Problems [Solved]


  • This topic is locked This topic is locked

#1
Annoyance

Annoyance

    Member

  • Member
  • PipPip
  • 84 posts
Hi

This is rather annoying .. anyway seems I have been caught with this while trying to find something similar to firefox's adblock plus for my internet explorer i thought i had found one here :

http://download.cnet...4-75650179.html

**** WARNING DO NOT CLICK HERE INSTALLS MALWARE ****


That link then installs games and a whole lot of other junk : browser protect .. mixdj toolbar i think i called delta something but have no idea exactly I think the 2 scans i ran got most of it but how much is left i dunno that is why i am here :-)


run malwarebytes quick scan also ran AdwCleaner results below

Malwarebytes Anti-Malware 1.75.0.1300


OTL logfile created on: 19/04/13 01:59:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

1.75 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 42.44% Memory free
3.50 Gb Paging File | 2.14 Gb Available in Paging File | 61.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 219.25 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1332.92 Gb Free Space | 71.55% Space Free | Partition Type: NTFS

Computer Name: FAMILY2 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/19 01:58:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2013/04/15 05:36:13 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/12 18:10:28 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/19 23:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/02/09 16:43:16 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/15 05:36:13 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/12 18:10:28 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/11/08 00:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/24 23:21:12 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/01/31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/12/13 15:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/12 18:10:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/09 04:16:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 03:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/19 23:32:20 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/05/04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/07 00:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/07 00:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/07 00:33:21 | 000,178,624 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/07 00:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/07 00:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/07 00:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/07 00:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/02/22 02:53:00 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/26 17:06:20 | 000,010,560 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gwmvid.sys -- (gwmvid)
DRV:64bit: - [2011/09/23 10:20:10 | 000,010,048 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gwrdmir.sys -- (gwrdmir)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/21 04:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/11 01:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/11 08:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2012/08/02 14:57:30 | 000,056,136 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.sys -- (X5XSEx_Pr143)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKLM\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-...0CCC43DC7C518F9
IE - HKCU\..\SearchScopes\{A648826E-EF48-42A2-BC78-71BBB329825F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{F8305D7D-CF69-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{F8305D7D-CF79-465a-9003-813C6013A702}: "URL" = http://x2t.com/search/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: autorefresh%40plugin:1.0.2
FF - prefs.js..extensions.enabledAddons: CNT%40ednovak.net:1.6.5
FF - prefs.js..extensions.enabledAddons: extensionlistdumper%40sogame.cat:1.15.2
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:9.0
FF - prefs.js..extensions.enabledAddons: new-tabs-at-end%40forerunnerdesigns.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BE10A6337-382E-4FE6-96DE-936ADC34DD04%7D:1.4.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/23 00:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/23 00:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/15 05:36:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/15 05:36:09 | 000,000,000 | ---D | M]

[2011/09/27 20:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2013/04/19 01:45:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions
[2013/04/16 20:12:54 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/04/16 20:24:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/04/19 01:23:53 | 000,000,000 | ---D | M] (MixiDJ Toolbar) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 20:00:58 | 000,036,763 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 20:01:53 | 000,006,329 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 20:06:44 | 000,075,035 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 20:20:58 | 000,001,316 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/18 22:32:11 | 000,340,614 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 20:14:34 | 000,091,139 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/19 01:11:00 | 000,082,702 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
[2013/04/16 19:59:41 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/16 20:21:47 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2013/04/16 22:28:52 | 000,002,613 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\searchplugins\amazon-united-kingdom-search-suggestions.xml
[2013/04/19 01:23:55 | 000,001,296 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\searchplugins\mixidj.xml
[2013/04/15 05:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/15 05:36:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/23 00:28:35 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013/03/27 03:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/27 03:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/03 02:20:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.v...printengine.cab (PrintEngine ActiveX Control v4.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44055834-2D33-4D31-9C31-EF5A32CB5F17}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\GUARD64.DLL) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\syswow64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 06:52:30 | 000,000,035 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/19 01:58:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/04/19 01:24:26 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2013/04/19 01:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MGTEK
[2013/04/19 01:24:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\CRMixiDJTB
[2013/04/19 01:24:11 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/04/19 01:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mixidj
[2013/04/19 01:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2013/04/19 01:23:47 | 000,057,824 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2013/04/19 01:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Ride Games
[2013/04/19 00:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/18 00:13:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\GoforFiles
[2013/04/17 20:17:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{9D6FE59B-EEB6-42D4-8FC5-4A5B01FCBFBF}
[2013/04/16 23:53:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Opera
[2013/04/16 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Opera
[2013/04/16 23:47:13 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E87F7F12-F08E-40A0-A299-5E09094CF56B}
[2013/04/16 23:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
[2013/04/16 23:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeDigger
[2013/04/16 19:56:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Old Firefox Data
[2013/04/16 19:26:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{FEF00C07-BA25-4084-BD9E-D742FE663BD4}
[2013/04/15 19:27:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{7454153E-29ED-471C-AAC4-3442668B5A19}
[2013/04/15 05:36:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/15 00:20:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Adobe
[2013/04/14 20:59:17 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{BF97622A-26C3-45F6-8979-D04F63027F39}
[2013/04/13 07:41:41 | 000,944,640 | ---- | C] (Parmavex Services) -- C:\Users\Paul\Desktop\WinAudit.exe
[2013/04/12 03:34:39 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\aignes
[2013/04/12 03:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AM-DeadLink
[2013/04/12 03:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AM-DeadLink
[2013/04/11 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2013/04/11 17:25:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{2F936D93-96CE-4ED1-802F-38108328C27D}
[2013/04/07 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{D2ED6022-EA67-4DE1-80AD-D5A551459EC5}
[2013/04/07 04:18:07 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8911B142-F560-4152-B45E-9ADBFE09E2CE}
[2013/04/06 15:09:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8973C417-C230-4D08-AA9D-1A9823C6C8C4}
[2013/04/05 14:17:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{11D80FAA-4973-496C-B4E6-436914212D96}
[2013/04/04 22:49:08 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3BF673BF-C92E-4921-8581-15BE7EDC6739}
[2013/04/03 15:15:22 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{F7550417-112F-45E9-9FAC-197C2A81BFE9}
[2013/04/02 22:49:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C797CA92-EF67-49C0-BCAD-B1160DA9A04D}
[2013/03/31 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{BBA346C4-A63E-44E5-BB78-831CDADA6529}
[2013/03/30 03:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/03/29 20:39:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8CEC2FBC-F868-4A1F-AA25-EFB0B9ECE357}
[2013/03/28 18:57:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{A3419758-5F86-470F-8EA6-172A224A31EC}
[2013/03/27 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Sensory
[2013/03/27 15:29:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Sensory
[2013/03/27 00:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2013/03/27 00:11:09 | 000,145,448 | ---- | C] (SafeNet, Inc.) -- C:\Windows\SysNative\drivers\sentinel64.sys
[2013/03/27 00:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2013/03/27 00:11:01 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/03/27 00:10:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\HJSMEM
[2013/03/27 00:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\Freedom Scientific
[2013/03/26 22:09:48 | 000,056,320 | ---- | C] (The Linux Foundation) -- C:\Windows\SysWow64\iaccessible2proxy.dll
[2013/03/25 23:47:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{323E1109-9006-481F-84C8-5F69A5E4E5DD}
[2013/03/25 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{06E36BF6-ECBE-4C40-AE10-240A09E0DA14}
[2013/03/25 00:04:44 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C4B66A8C-E482-4D37-975C-9E144BB95021}
[2013/03/24 02:07:46 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{D4FF415E-4C91-46A8-BFE2-5BBC27A8E69D}
[2013/03/23 02:09:28 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013/03/23 00:30:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\RealNetworks
[2013/03/23 00:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/03/23 00:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/03/23 00:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

========== Files - Modified Within 30 Days ==========

[2013/04/19 01:58:37 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 01:58:37 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/19 01:58:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/04/19 01:53:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/19 01:53:18 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/19 01:52:00 | 000,001,089 | ---- | M] () -- C:\Users\Paul\Desktop\Play 7 Wonders II.lnk
[2013/04/19 01:43:31 | 000,613,083 | ---- | M] () -- C:\Users\Paul\Desktop\AdwCleaner.exe
[2013/04/19 01:29:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/19 01:24:18 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/04/19 01:24:18 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/04/19 01:24:16 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/04/19 01:04:02 | 519,327,351 | ---- | M] () -- C:\Users\Paul\Desktop\By.Rulez.WM.2013.04.17.HDTV.mp4
[2013/04/19 00:51:28 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/19 00:10:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
[2013/04/18 00:33:32 | 000,000,222 | ---- | M] () -- C:\Users\Paul\.swfinfo
[2013/04/16 23:43:22 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\TubeDigger.lnk
[2013/04/16 15:10:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
[2013/04/15 19:26:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/15 08:30:35 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/15 08:30:35 | 000,664,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/15 08:30:35 | 000,125,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/15 06:10:29 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/15 05:47:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 05:47:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/15 05:35:02 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/15 05:04:04 | 000,001,401 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/15 04:54:26 | 000,001,426 | ---- | M] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2013/04/15 01:45:17 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/15 01:45:17 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/15 01:44:57 | 000,061,447 | ---- | M] () -- C:\Users\Paul\Desktop\Step 3.jpg
[2013/04/15 01:43:51 | 000,063,620 | ---- | M] () -- C:\Users\Paul\Desktop\Step 2.jpg
[2013/04/15 01:39:45 | 000,043,176 | ---- | M] () -- C:\Users\Paul\Desktop\Step 1.jpg
[2013/04/14 00:28:38 | 513,447,468 | ---- | M] () -- C:\Users\Paul\Desktop\By.Rulez.T.X.N.2013.04.11.HDTV.mp4
[2013/04/13 07:13:31 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/04/12 03:33:35 | 000,000,992 | ---- | M] () -- C:\Users\Paul\Desktop\AM-DeadLink.lnk
[2013/04/10 21:20:54 | 000,347,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/05 00:32:30 | 500,669,759 | ---- | M] () -- C:\Users\Paul\Desktop\By.Rulez.T.X.N.2013.04.04.HDTV.mp4
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/31 22:11:44 | 000,000,196 | ---- | M] () -- C:\Users\Paul\Desktop\Tesco Groceries.url
[2013/03/30 03:13:20 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 20:43:41 | 000,000,192 | ---- | M] () -- C:\Users\Paul\Desktop\My Fitness Pal.url
[2013/03/27 15:28:13 | 000,742,333 | ---- | M] () -- C:\Users\Paul\Documents\Thunder Manual Large.pdf
[2013/03/27 00:29:20 | 000,000,218 | ---- | M] () -- C:\Windows\SysWow64\nfmonko.tgz
[2013/03/24 21:43:05 | 100,540,239 | ---- | M] () -- C:\Users\Paul\Desktop\Eastenders 7th January 2013.mp4
[2013/03/23 02:09:28 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013/03/23 00:29:41 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/03/23 00:28:27 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

========== Files Created - No Company Name ==========

[2013/04/19 01:43:31 | 000,613,083 | ---- | C] () -- C:\Users\Paul\Desktop\AdwCleaner.exe
[2013/04/19 01:24:26 | 000,001,089 | ---- | C] () -- C:\Users\Paul\Desktop\Play 7 Wonders II.lnk
[2013/04/19 01:24:18 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/04/19 01:24:18 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/04/19 01:24:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/04/19 00:51:28 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/19 00:44:29 | 519,327,351 | ---- | C] () -- C:\Users\Paul\Desktop\By.Rulez.WM.2013.04.17.HDTV.mp4
[2013/04/17 00:31:03 | 000,000,222 | ---- | C] () -- C:\Users\Paul\.swfinfo
[2013/04/16 23:43:22 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\TubeDigger.lnk
[2013/04/15 05:47:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/15 05:47:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/15 01:44:57 | 000,061,447 | ---- | C] () -- C:\Users\Paul\Desktop\Step 3.jpg
[2013/04/15 01:43:51 | 000,063,620 | ---- | C] () -- C:\Users\Paul\Desktop\Step 2.jpg
[2013/04/15 01:39:45 | 000,043,176 | ---- | C] () -- C:\Users\Paul\Desktop\Step 1.jpg
[2013/04/14 00:06:48 | 513,447,468 | ---- | C] () -- C:\Users\Paul\Desktop\By.Rulez.T.X.N.2013.04.11.HDTV.mp4
[2013/04/12 03:33:35 | 000,000,992 | ---- | C] () -- C:\Users\Paul\Desktop\AM-DeadLink.lnk
[2013/04/11 17:30:31 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013/04/05 00:15:06 | 500,669,759 | ---- | C] () -- C:\Users\Paul\Desktop\By.Rulez.T.X.N.2013.04.04.HDTV.mp4
[2013/03/31 22:09:22 | 000,000,196 | ---- | C] () -- C:\Users\Paul\Desktop\Tesco Groceries.url
[2013/03/30 03:13:20 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/28 20:40:01 | 000,000,192 | ---- | C] () -- C:\Users\Paul\Desktop\My Fitness Pal.url
[2013/03/27 15:28:12 | 000,742,333 | ---- | C] () -- C:\Users\Paul\Documents\Thunder Manual Large.pdf
[2013/03/24 21:38:54 | 100,540,239 | ---- | C] () -- C:\Users\Paul\Desktop\Eastenders 7th January 2013.mp4
[2013/03/23 00:29:41 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/02/10 10:25:18 | 000,001,488 | ---- | C] () -- C:\Users\Paul\AppData\Local\recently-used.xbel
[2013/01/09 09:37:16 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\tcjpaut.dll
[2013/01/09 09:37:16 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\nfmonko.dll
[2013/01/09 09:37:16 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\v8sos1h.dll
[2012/09/11 23:37:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/07/22 02:46:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/03/29 14:53:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MobOlExt.dll
[2012/03/19 15:24:47 | 000,020,992 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/22 14:43:51 | 000,000,288 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\.backup.dm
[2011/09/29 17:13:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/29 17:08:52 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/09/28 21:31:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/28 21:31:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 21:19:10 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/28 11:48:24 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\532E1276CB.sys
[2011/09/28 11:48:22 | 000,005,018 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/09/27 23:37:41 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/12 03:34:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\aignes
[2011/09/28 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AnvSoft
[2013/01/31 00:32:25 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Audacity
[2012/08/31 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\calibre
[2013/04/19 01:24:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CRMixiDJTB
[2013/02/06 00:19:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoft
[2013/02/07 09:06:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FLVPlayer4Free
[2012/04/05 05:03:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FVDIEPlugin
[2011/11/02 08:06:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2013/04/18 00:24:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GoforFiles
[2012/01/15 08:53:03 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IrfanView
[2011/09/27 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OEM
[2013/04/17 00:12:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
[2013/02/28 04:06:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Orbit
[2013/02/28 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ProgSense
[2012/05/02 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SanDisk SecureAccess
[2012/05/13 19:00:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ScanSoft
[2013/03/27 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sensory
[2011/10/11 21:45:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thunderbird
[2013/04/14 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2011/10/04 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
[2012/03/29 03:24:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Xilisoft Corporation
[2012/05/13 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 19/04/13 01:59:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

1.75 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 42.44% Memory free
3.50 Gb Paging File | 2.14 Gb Available in Paging File | 61.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 219.25 Gb Free Space | 49.14% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 1332.92 Gb Free Space | 71.55% Space Free | Partition Type: NTFS

Computer Name: FAMILY2 | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0163D49C-D3BD-4E15-A621-720056421B14}" = rport=139 | protocol=6 | dir=out | app=system |
"{02702671-4B50-4EF8-840F-8A7EE2929F35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BEC96EB-125E-410D-9ABD-70977EAB5E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF0FCB4-15DB-4CAA-A260-5EE0F65DA340}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A76CE91-8249-47F0-BADD-D44A8D423854}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{5461BAE0-0CA4-40A7-899A-7624228BC808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6B39A4FF-D2C4-4C8E-8275-43628C2AFB6B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71A94DF5-A26E-41F0-8DEA-08654B295312}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{73631E04-1E92-4C86-9D22-48CC8AAD4045}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{75FF0530-8CA7-49DC-B49E-E49DEF6A75D7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{78D4A119-E0E7-4480-95DB-095D96B24FCF}" = lport=137 | protocol=17 | dir=in | app=system |
"{7C1E75FB-8C54-4C08-94C7-310AEF361490}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D688CF9-771D-49AC-9602-5FD8BEB5ACD7}" = lport=138 | protocol=17 | dir=in | app=system |
"{83D00D4D-5257-4032-B857-18E2E6A9A73F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8956BAE2-7D35-446F-9190-3D8D8ECE6FD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B2EEFEB-1958-4BC4-82F2-3CE2A74F5829}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9ACF53C-073D-4D60-9947-A86E3ADDAD23}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B82EF25D-1563-4276-B9BD-364025AB7DD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BACC00E9-AC28-4BFB-B9B2-7E45BB70CA34}" = rport=445 | protocol=6 | dir=out | app=system |
"{BC994478-27B3-4FF6-84D2-E2B011CC80AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C92A5CBF-5930-4180-BCF2-1109DAA58B20}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9133506-F517-4968-8ECE-87881D170422}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8308B3F-16CF-4E8D-994A-5B6DE9B0F2A6}" = rport=137 | protocol=17 | dir=out | app=system |
"{F1082783-051D-47E8-91EE-D52400A7E25C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013FD2B7-C642-4974-96B5-E2DFE048A6F1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{03B46737-A0E7-4BB0-828B-1F6EB34CC213}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0C03303D-1750-4362-9A5A-BCE4932BDF4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0CCDBC61-BBCE-4A4A-9CF1-74CF6CFA40CB}" = dir=in | app=c:\users\paul\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{15D36DE8-5DF7-4573-89A5-FF5DBE741E65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{246216D7-3D5C-4861-A135-81996157A837}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2E64C241-870C-492B-96AE-BED84AA37C90}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{3DF89E6D-E488-4FA2-BDCB-C754544549C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{488A4E50-791E-487B-952B-E18D76B8BCE9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{49B87C34-B333-4A69-9833-AB4AF3F146C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4FED6BD9-6BA8-4616-A979-ADD2761E23A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{524B32E3-CCBE-4B34-9C4F-C23BB86195D2}" = protocol=58 | dir=in | [email protected],-28545 |
"{528F2994-236E-415D-A554-E70F91AB6C77}" = protocol=1 | dir=out | [email protected],-28544 |
"{57D7CC2F-BB0B-4522-825B-2FD3A6616294}" = protocol=6 | dir=out | app=system |
"{5A4B5C34-DBD8-4557-B7FB-02A254B1835F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{689025ED-251D-4D90-BDFF-9020CE4E113F}" = protocol=58 | dir=out | [email protected],-28546 |
"{6C1BEB8A-3289-42D0-9A31-B1008325E92E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{73DC9721-0AD6-4DDF-BD4B-9638E962FC18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{74F9A5C4-011E-43AD-9308-CB2984ED05F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{785AE3D4-1D00-4CC8-97BF-47D27A85D6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{790A81CC-11C1-4D55-A9ED-AECA0F17ACB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CB18418-BCCF-4CD7-A6F5-CA29E1E84C08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{865FF30D-0FF7-4804-850D-444F89D6868A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8EFEAA31-0B34-45A6-9255-F7FF0E11AF11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{920F30A2-8628-4A29-9AF3-0C5E9C497A43}" = protocol=17 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe |
"{A663F15C-A7F5-47AF-9629-3C5A9EBD5F63}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A7D5EAB6-310E-4D40-85CE-A154CC21C68F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AFDCCF08-CC07-4B07-8DEA-78899F2737FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{C10887A3-71BE-44E1-818E-DE8BBF33D004}" = protocol=6 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe |
"{CAE9E145-BEB2-4F96-A4B2-AC8E29ECB6CA}" = protocol=17 | dir=in | app=c:\program files\freedom scientific\activator\1.1\fsactivate.exe |
"{CBDE7260-3528-45CC-AB78-8795F2199FD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0ACE433-9AA4-427E-A346-79517270E5C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{D0AEC83C-E9C3-4715-86F2-090C221903F7}" = protocol=1 | dir=in | [email protected],-28543 |
"{D881DAEA-1E28-4943-8872-3F695F486116}" = protocol=6 | dir=in | app=c:\program files\freedom scientific\activator\1.1\fsactivate.exe |
"{E341C8C0-71CA-4A59-BDC8-B0268B7AD2C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{E8FE8C34-4F1F-4BEB-A553-36994A7A140E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3AD0662-3D0E-4034-B138-0AF66B131023}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4D1DFE4-036A-42EB-9375-541B65250CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{F566D95F-C54C-4D00-A5BF-54A5A3751C4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{FABA302A-A46F-4D31-BED0-C4799370D672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF3BDB1-1126-4359-8971-8843663A0763}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1" = TubeDigger 4.4.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite DCP-J715W
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B49962AF-CAB9-44DE-8729-A4369F44BA0D}" = MixiDJ Chrome Toolbar
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"aignesamdeadlink_is1" = AM-DeadLink 4.6
"ALCATEL PC Suite_is1" = ALCATEL PC Suite V6.3.28
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"DVDStyler_is1" = DVDStyler v2.3
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"ESET Online Scanner" = ESET Online Scanner v3
"exent_586350" = 7 Wonders II
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 4.8.0.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"mixidj" = MixiDJ Toolbar
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"sl-dlca" = SelectionLinks
"SnagIt7" = SnagIt 7
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/04/13 07:01:07 | Computer Name = Family2 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/04/13 13:56:11 | Computer Name = Family2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/04/13 13:57:19 | Computer Name = Family2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 17/04/13 13:57:28 | Computer Name = Family2 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 17/04/13 22:46:26 | Computer Name = Family2 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 17/04/13 22:47:44 | Computer Name = Family2 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 17/04/13 22:47:54 | Computer Name = Family2 | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 18/04/13 20:24:27 | Computer Name = Family2 | Source = Application on Demand - GPlayer | ID = 0
Description =

Error - 18/04/13 20:53:55 | Computer Name = Family2 | Source = ESENT | ID = 494
Description = taskhost (2920) WebCacheLocal: Database recovery failed with error
-1216 because it encountered references to a database, 'C:\Users\Paul\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat',
which is no longer present. The database was not brought to a Clean Shutdown state
before it was removed (or possibly moved or renamed). The database engine will
not permit recovery to complete for this instance until the missing database is
re-instated. If the database is truly no longer available and no longer required,
procedures for recovering from this error are available in the Microsoft Knowledge
Base or by following the "more information" link at the bottom of this message.

Error - 18/04/13 20:53:55 | Computer Name = Family2 | Source = ESENT | ID = 454
Description = taskhost (2920) WebCacheLocal: Database recovery/restore failed with
unexpected error -1216.

[ System Events ]
Error - 18/04/13 20:38:07 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 18/04/13 20:38:07 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Pipe Listener Adapter service depends the following service:
was. This service might not be installed.

Error - 18/04/13 20:38:07 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1058

Error - 18/04/13 20:46:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 18/04/13 20:46:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Pipe Listener Adapter service depends the following service:
was. This service might not be installed.

Error - 18/04/13 20:46:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1058

Error - 18/04/13 20:53:20 | Computer Name = Family2 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 01:51:37 on ?19/?04/?2013 was unexpected.

Error - 18/04/13 20:53:22 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Msmq Listener Adapter service depends the following service:
msmq. This service might not be installed.

Error - 18/04/13 20:53:22 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
Description = The Net.Pipe Listener Adapter service depends the following service:
was. This service might not be installed.

Error - 18/04/13 20:53:22 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
Service service which failed to start because of the following error: %%1058


< End of report >

www.malwarebytes.org

Database version: v2013.04.18.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Paul :: FAMILY2 [administrator]

19/04/13 01:26:53
mbam-log-2013-04-19 (01-26-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262533
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{2A28729E-2280-4986-BDB4-EC2623EAFBA4} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Delete on reboot.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{29AAADC9-DA30-4264-BCC4-D447F7146FC1} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Quarantined and deleted successfully.
C:\Users\Paul\AppData\Local\Temp\pricepeep_1.exe (Adware.Shopper) -> Quarantined and deleted successfully.

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 01:45:02
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paul - FAMILY2
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\BrowserProtect
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\bprotector_extensions.sqlite
File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\bprotector_prefs.js
File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\PricePeep
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Paul\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\868d8abc69ed12
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\868d8abc69ed12
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKU\S-1-5-21-1253406721-2315796278-1497747152-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-1253406721-2315796278-1497747152-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{0F827075-B026-42F3-885D-98981EE7B1AE}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\prefs.js

C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mixidj.delta-search.com/?affID=121136&tt=180413_ctrl&babsrc=[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://mixidj.delta-search.com/?affID=121136&tt=180413_ctrl&b[...]

File : C:\Users\Shona\AppData\Roaming\Mozilla\Firefox\Profiles\2telh2h7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5679 octets] - [19/04/2013 01:44:12]
AdwCleaner[S1].txt - [5862 octets] - [19/04/2013 01:45:02]

########## EOF - C:\AdwCleaner[S1].txt - [5922 octets] ##########
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pauldoc1975

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi Gringo

Thanks for your prompt reply... here is the logs you requested

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java version out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Paul [Admin rights]
Mode : Remove -- Date : 04/19/2013 03:39:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] {CDB7BD61-8539-4AEE-9BAD-1F29775866D4} : C:\Users\Paul\Desktop\TFC.exe [x] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-221CA SCSI Disk Device +++++
--- User ---
[MBR] 054084b740f9856ab99868f89389181a
[BSP] da986eff135fd6a3a758d7f3bf2f4e17 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40962048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41166848 | Size: 456838 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04192013_02d0339.txt >>
RKreport[1]_S_04192013_02d0338.txt ; RKreport[2]_D_04192013_02d0339.txt


I had already ran adwcleaner and was not going but thought you would most likely know that so I ran it again and looks like I glad I did so here is that log:

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 03:40:15
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Paul - FAMILY2
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-1253406721-2315796278-1497747152-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\prefs.js

[OK] File is clean.

File : C:\Users\Shona\AppData\Roaming\Mozilla\Firefox\Profiles\2telh2h7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5679 octets] - [19/04/2013 01:44:12]
AdwCleaner[S1].txt - [5983 octets] - [19/04/2013 01:45:02]
AdwCleaner[S2].txt - [1579 octets] - [19/04/2013 03:40:15]

########## EOF - C:\AdwCleaner[S2].txt - [1639 octets] ##########

I now have folder RK_Quarintine & my user folder on my desktop also I got 2 reports 1 before deletion and 1 after the one I have posted is after deletion as written on your post.

Regards
Paul

Edited by Pauldoc1975, 18 April 2013 - 08:55 PM.

  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pauldoc1975

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
ComboFix 13-04-18.03 - Paul 19/04/13 4:28.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1791.842 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 03:36 . 2013-04-19 03:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-19 03:36 . 2013-04-19 03:36 -------- d-----w- c:\users\Shona\AppData\Local\temp
2013-04-19 03:36 . 2013-04-19 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-19 00:24 . 2013-04-19 00:24 -------- d-----w- c:\programdata\MGTEK
2013-04-19 00:24 . 2013-04-19 00:24 -------- d-----w- c:\users\Paul\AppData\Roaming\CRMixiDJTB
2013-04-19 00:24 . 2013-04-19 00:24 -------- d-----w- C:\Remote Programs
2013-04-19 00:23 . 2013-04-19 00:23 -------- d-----w- c:\program files (x86)\mixidj
2013-04-19 00:23 . 2013-04-19 00:24 -------- d-----w- c:\programdata\Free Ride Games
2013-04-19 00:23 . 2012-12-04 15:48 57824 ------w- c:\windows\ExentInfo.exe
2013-04-19 00:23 . 2013-04-19 00:52 -------- d-----w- c:\program files (x86)\Free Ride Games
2013-04-17 23:13 . 2013-04-17 23:24 -------- d-----w- c:\users\Paul\AppData\Roaming\GoforFiles
2013-04-16 22:53 . 2013-04-16 23:12 -------- d-----w- c:\users\Paul\AppData\Local\Opera
2013-04-16 22:43 . 2013-04-16 22:43 -------- d-----w- c:\program files (x86)\TubeDigger
2013-04-16 10:05 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DF446E-C7E5-4BB3-867D-DC0EECFD0A40}\mpengine.dll
2013-04-15 05:04 . 2013-04-15 05:04 -------- d-----w- c:\users\Shona\AppData\Roaming\RealNetworks
2013-04-14 23:20 . 2013-04-14 23:20 -------- d-----w- c:\users\Paul\AppData\Local\Adobe
2013-04-14 23:18 . 2013-04-14 23:18 -------- d-----w- c:\users\Shona\AppData\Local\Adobe
2013-04-12 02:34 . 2013-04-12 02:34 -------- d-----w- c:\users\Paul\AppData\Roaming\aignes
2013-04-12 02:33 . 2013-04-12 02:33 -------- d-----w- c:\program files (x86)\AM-DeadLink
2013-04-11 16:30 . 2013-04-11 16:30 -------- d-----w- c:\program files (x86)\Windows Sidebar
2013-04-10 20:12 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:12 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:12 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:12 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 20:12 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 20:12 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 20:12 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-30 02:13 . 2013-03-30 02:13 -------- d-----w- c:\programdata\Licenses
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Roaming\Sensory
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Local\Sensory
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\programdata\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Freedom Scientific
2013-03-26 23:11 . 2008-07-11 07:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\windows\Downloaded Installations
2013-03-26 23:10 . 2013-03-26 23:40 -------- d-----w- c:\windows\system32\HJSMEM
2013-03-26 23:10 . 2013-03-27 00:04 -------- d-----w- c:\program files\Freedom Scientific
2013-03-26 21:09 . 2011-05-10 11:00 56320 ----a-w- c:\windows\SysWow64\iaccessible2proxy.dll
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-22 23:30 . 2013-03-22 23:30 -------- d-----w- c:\users\Paul\AppData\Roaming\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\programdata\RealNetworks
2013-03-22 23:28 . 2013-03-22 23:28 -------- d-----w- c:\program files (x86)\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 17:10 . 2012-12-30 03:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:10 . 2012-12-30 03:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 20:16 . 2011-09-27 19:02 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-07 23:33 . 2012-06-14 21:26 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-07 23:33 . 2011-09-27 20:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 13:50 . 2012-03-15 22:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 23:28 . 2012-12-22 01:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-22 23:28 . 2012-12-22 01:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-02-28 13:53 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-02-28 13:53 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-02-12 22:55 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-12 22:55 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-12 22:55 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-12 22:55 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-12 22:55 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-12 22:55 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-12 22:55 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-12 22:55 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:43 . 2013-02-22 01:43 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-19 22:32 . 2013-02-19 22:32 15413704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-19 22:32 . 2013-02-19 22:32 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2222880 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 22:32 . 2011-03-18 04:13 18376008 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-19 22:32 . 2013-02-19 22:32 2749216 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1802528 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-19 22:32 . 2013-02-19 22:32 7457968 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 26341664 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-19 22:32 . 2013-02-19 22:32 2446416 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-19 22:32 . 2011-03-18 04:13 2752880 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-19 22:32 . 2013-02-19 22:32 6162704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 13531936 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 22:32 . 2013-02-19 22:32 7754560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2577184 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1869088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-19 22:32 . 2013-02-19 22:32 19915552 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-19 22:32 . 2013-02-19 22:32 9184760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-12 16:33 . 2013-02-12 16:10 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-02-12 05:45 . 2013-03-12 20:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 20:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 20:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 20:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-12 21:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-31 09:25 . 2010-07-09 16:27 6207776 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-31 09:25 . 2010-07-09 16:27 3300640 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-31 09:24 . 2010-07-09 16:27 878368 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-31 09:24 . 2010-07-09 16:27 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-31 09:24 . 2010-02-17 09:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-31 09:24 . 2010-02-17 09:47 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-29 23:48 . 2013-01-29 23:48 46880 ----a-w- c:\windows\system32\drivers\fsbrldsp.sys
2013-01-29 23:47 . 2013-01-29 23:47 139744 ----a-w- c:\windows\system32\fsbrldspapi.dll
2013-01-21 11:12 . 2013-01-21 11:12 2177664 ----a-w- c:\windows\system32\coin93.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}]
2012-11-13 07:23 263136 ----a-w- c:\program files (x86)\mixidj\mixidj\1.8.4.1\bh\mixidj.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}"= "c:\program files (x86)\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll" [2012-11-13 337376]
.
[HKEY_CLASSES_ROOT\clsid\{ca9b9c89-4662-4adc-9c23-a452becd5d19}]
[HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\mixidj.mixidjdskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-06 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files (x86)\Free Ride Games\GPlayer.exe" [2012-12-04 4936152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 gwmvid;gwmvid;c:\windows\system32\DRIVERS\gwmvid.sys [2011-10-26 10560]
R3 gwrdmir;gwrdmir;c:\windows\system32\DRIVERS\gwrdmir.sys [2011-09-23 10048]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
R4 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R4 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-24 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
S2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [2012-08-02 56136]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 17:10]
.
2013-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
2013-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\
FF - prefs.js: browser.search.selectedEngine - Amazon (United Kingdom) Search Suggestions
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - ExtSQL: 2013-04-16 19:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-16 20:00; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:01; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:06; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:12; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-04-16 20:13; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:14; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:20; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:21; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-04-16 20:24; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 01:11; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-19 01:23; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DivXMediaServer - c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-exent_586350 - h:\remote programs\7 Wonders 2\GPlrLanc.exe
AddRemove-sl-dlca - c:\program files (x86)\OApps\sl-dlca_uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-19 04:40:34
ComboFix-quarantined-files.txt 2013-04-19 03:40
ComboFix2.txt 2013-03-03 01:23
.
Pre-Run: 236,634,542,080 bytes free
Post-Run: 236,496,949,248 bytes free
.
- - End Of File - - 8CD8DF8A26CC544221D62E13709112C0


I still have some of these programs installed on my computer in uninstall or change a program list those are:

MixiDJ Chrome Toolbar
Free Ride Games Player
SelectionLinks
MixiDJ Toolbar
7 Wonders II

Should uninstall those using revo uninstaller or some other program

other than that to me everything seems fine

Regards
Paul
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
yes go ahead and uninstall them and then rerun combofix for me and I will look for anything left over


If something does not uninstall then just skip it
  • 0

#7
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi

All went well with the uninstalls

Here is the combofix log:


ComboFix 13-04-18.03 - Paul 19/04/13 5:44.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1791.824 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 04:52 . 2013-04-19 04:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-19 04:52 . 2013-04-19 04:52 -------- d-----w- c:\users\Shona\AppData\Local\temp
2013-04-19 04:52 . 2013-04-19 04:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-19 04:52 . 2013-04-19 04:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-19 00:24 . 2013-04-19 00:24 -------- d-----w- c:\programdata\MGTEK
2013-04-19 00:24 . 2013-04-19 00:24 -------- d-----w- c:\users\Paul\AppData\Roaming\CRMixiDJTB
2013-04-17 23:13 . 2013-04-17 23:24 -------- d-----w- c:\users\Paul\AppData\Roaming\GoforFiles
2013-04-16 22:53 . 2013-04-16 23:12 -------- d-----w- c:\users\Paul\AppData\Local\Opera
2013-04-16 22:43 . 2013-04-16 22:43 -------- d-----w- c:\program files (x86)\TubeDigger
2013-04-16 10:05 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DF446E-C7E5-4BB3-867D-DC0EECFD0A40}\mpengine.dll
2013-04-15 05:04 . 2013-04-15 05:04 -------- d-----w- c:\users\Shona\AppData\Roaming\RealNetworks
2013-04-14 23:20 . 2013-04-14 23:20 -------- d-----w- c:\users\Paul\AppData\Local\Adobe
2013-04-14 23:18 . 2013-04-14 23:18 -------- d-----w- c:\users\Shona\AppData\Local\Adobe
2013-04-12 02:34 . 2013-04-12 02:34 -------- d-----w- c:\users\Paul\AppData\Roaming\aignes
2013-04-12 02:33 . 2013-04-12 02:33 -------- d-----w- c:\program files (x86)\AM-DeadLink
2013-04-11 16:30 . 2013-04-11 16:30 -------- d-----w- c:\program files (x86)\Windows Sidebar
2013-04-10 20:12 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:12 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:12 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:12 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 20:12 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 20:12 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 20:12 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-30 02:13 . 2013-03-30 02:13 -------- d-----w- c:\programdata\Licenses
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Roaming\Sensory
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Local\Sensory
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\programdata\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Freedom Scientific
2013-03-26 23:11 . 2008-07-11 07:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\windows\Downloaded Installations
2013-03-26 23:10 . 2013-03-26 23:40 -------- d-----w- c:\windows\system32\HJSMEM
2013-03-26 23:10 . 2013-03-27 00:04 -------- d-----w- c:\program files\Freedom Scientific
2013-03-26 21:09 . 2011-05-10 11:00 56320 ----a-w- c:\windows\SysWow64\iaccessible2proxy.dll
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-22 23:30 . 2013-03-22 23:30 -------- d-----w- c:\users\Paul\AppData\Roaming\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\programdata\RealNetworks
2013-03-22 23:28 . 2013-03-22 23:28 -------- d-----w- c:\program files (x86)\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 17:10 . 2012-12-30 03:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:10 . 2012-12-30 03:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 20:16 . 2011-09-27 19:02 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-07 23:33 . 2012-06-14 21:26 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-07 23:33 . 2011-09-27 20:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 13:50 . 2012-03-15 22:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 23:28 . 2012-12-22 01:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-22 23:28 . 2012-12-22 01:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-02-28 13:53 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-02-28 13:53 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-02-12 22:55 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-12 22:55 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-12 22:55 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-12 22:55 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-12 22:55 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-12 22:55 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-12 22:55 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-12 22:55 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:43 . 2013-02-22 01:43 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-19 22:32 . 2013-02-19 22:32 15413704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-19 22:32 . 2013-02-19 22:32 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2222880 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 22:32 . 2011-03-18 04:13 18376008 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-19 22:32 . 2013-02-19 22:32 2749216 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1802528 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-19 22:32 . 2013-02-19 22:32 7457968 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 26341664 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-19 22:32 . 2013-02-19 22:32 2446416 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-19 22:32 . 2011-03-18 04:13 2752880 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-19 22:32 . 2013-02-19 22:32 6162704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 13531936 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 22:32 . 2013-02-19 22:32 7754560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2577184 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1869088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-19 22:32 . 2013-02-19 22:32 19915552 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-19 22:32 . 2013-02-19 22:32 9184760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-12 16:33 . 2013-02-12 16:10 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-02-12 05:45 . 2013-03-12 20:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 20:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 20:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 20:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-12 21:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-31 09:25 . 2010-07-09 16:27 6207776 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-31 09:25 . 2010-07-09 16:27 3300640 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-31 09:24 . 2010-07-09 16:27 878368 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-31 09:24 . 2010-07-09 16:27 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-31 09:24 . 2010-02-17 09:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-31 09:24 . 2010-02-17 09:47 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-29 23:48 . 2013-01-29 23:48 46880 ----a-w- c:\windows\system32\drivers\fsbrldsp.sys
2013-01-29 23:47 . 2013-01-29 23:47 139744 ----a-w- c:\windows\system32\fsbrldspapi.dll
2013-01-21 11:12 . 2013-01-21 11:12 2177664 ----a-w- c:\windows\system32\coin93.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-06 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 gwmvid;gwmvid;c:\windows\system32\DRIVERS\gwmvid.sys [2011-10-26 10560]
R3 gwrdmir;gwrdmir;c:\windows\system32\DRIVERS\gwrdmir.sys [2011-09-23 10048]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
R4 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R4 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-24 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 17:10]
.
2013-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
2013-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\
FF - prefs.js: browser.search.selectedEngine - Amazon (United Kingdom) Search Suggestions
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - ExtSQL: 2013-04-16 19:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-16 20:00; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:01; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:06; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:12; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-04-16 20:13; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:14; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:20; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:21; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-04-16 20:24; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 01:11; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-19 01:23; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-19 05:55:17
ComboFix-quarantined-files.txt 2013-04-19 04:55
ComboFix2.txt 2013-04-19 03:40
ComboFix3.txt 2013-03-03 01:23
.
Pre-Run: 236,761,645,056 bytes free
Post-Run: 236,325,502,976 bytes free
.
- - End Of File - - D8B74F4B0736D70A8175E4C3F1C9F7E3
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pauldoc1975

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Paul\AppData\Roaming\CRMixiDJTB
c:\programdata\MGTEK

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#9
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
ComboFix 13-04-18.03 - Paul 19/04/13 6:30.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1791.615 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MGTEK
c:\programdata\MGTEK\Installer Cache\adblockie_2.2.1524_x64.msi
c:\users\Paul\AppData\Roaming\CRMixiDJTB
c:\users\Paul\AppData\Roaming\CRMixiDJTB\MixiDJ.crx
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 05:38 . 2013-04-19 05:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-19 05:38 . 2013-04-19 05:38 -------- d-----w- c:\users\Shona\AppData\Local\temp
2013-04-19 05:38 . 2013-04-19 05:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-19 05:38 . 2013-04-19 05:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-17 23:13 . 2013-04-17 23:24 -------- d-----w- c:\users\Paul\AppData\Roaming\GoforFiles
2013-04-16 22:53 . 2013-04-16 23:12 -------- d-----w- c:\users\Paul\AppData\Local\Opera
2013-04-16 22:43 . 2013-04-16 22:43 -------- d-----w- c:\program files (x86)\TubeDigger
2013-04-16 10:05 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{15DF446E-C7E5-4BB3-867D-DC0EECFD0A40}\mpengine.dll
2013-04-15 05:04 . 2013-04-15 05:04 -------- d-----w- c:\users\Shona\AppData\Roaming\RealNetworks
2013-04-14 23:20 . 2013-04-14 23:20 -------- d-----w- c:\users\Paul\AppData\Local\Adobe
2013-04-14 23:18 . 2013-04-14 23:18 -------- d-----w- c:\users\Shona\AppData\Local\Adobe
2013-04-12 02:34 . 2013-04-12 02:34 -------- d-----w- c:\users\Paul\AppData\Roaming\aignes
2013-04-12 02:33 . 2013-04-12 02:33 -------- d-----w- c:\program files (x86)\AM-DeadLink
2013-04-11 16:30 . 2013-04-11 16:30 -------- d-----w- c:\program files (x86)\Windows Sidebar
2013-04-10 20:12 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 20:12 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 20:12 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 20:12 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 20:12 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 20:12 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 20:12 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 20:12 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-30 02:13 . 2013-03-30 02:13 -------- d-----w- c:\programdata\Licenses
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Roaming\Sensory
2013-03-27 14:29 . 2013-03-27 14:29 -------- d-----w- c:\users\Paul\AppData\Local\Sensory
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\programdata\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Nuance
2013-03-26 23:30 . 2013-03-26 23:30 -------- d-----w- c:\users\Shona\AppData\Roaming\Freedom Scientific
2013-03-26 23:11 . 2008-07-11 07:05 145448 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2013-03-26 23:11 . 2013-03-26 23:11 -------- d-----w- c:\windows\Downloaded Installations
2013-03-26 23:10 . 2013-03-26 23:40 -------- d-----w- c:\windows\system32\HJSMEM
2013-03-26 23:10 . 2013-03-27 00:04 -------- d-----w- c:\program files\Freedom Scientific
2013-03-26 21:09 . 2011-05-10 11:00 56320 ----a-w- c:\windows\SysWow64\iaccessible2proxy.dll
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-22 23:30 . 2013-03-22 23:30 -------- d-----w- c:\users\Paul\AppData\Roaming\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\program files (x86)\RealNetworks
2013-03-22 23:29 . 2013-03-22 23:29 -------- d-----w- c:\programdata\RealNetworks
2013-03-22 23:28 . 2013-03-22 23:28 -------- d-----w- c:\program files (x86)\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 17:10 . 2012-12-30 03:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 17:10 . 2012-12-30 03:17 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 20:16 . 2011-09-27 19:02 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-07 23:33 . 2012-06-14 21:26 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-07 23:33 . 2011-09-27 20:23 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-04 13:50 . 2012-03-15 22:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 23:28 . 2012-12-22 01:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-03-22 23:28 . 2012-12-22 01:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-12 00:10 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-06 23:33 . 2013-02-28 13:53 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-02-28 13:53 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2013-02-12 22:55 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2013-02-12 22:55 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2013-02-12 22:55 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2013-02-12 22:55 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2013-02-12 22:55 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2013-02-12 22:55 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2013-02-12 22:55 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2013-02-12 22:55 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-22 01:53 . 2013-02-22 01:53 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-22 01:43 . 2013-02-22 01:43 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-19 22:32 . 2013-02-19 22:32 15413704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-19 22:32 . 2013-02-19 22:32 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2222880 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-19 22:32 . 2011-03-18 04:13 18376008 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-19 22:32 . 2013-02-19 22:32 2749216 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1802528 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-19 22:32 . 2013-02-19 22:32 7457968 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 26341664 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-19 22:32 . 2013-02-19 22:32 2446416 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-19 22:32 . 2011-03-18 04:13 2752880 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-19 22:32 . 2013-02-19 22:32 6162704 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-19 22:32 . 2013-02-19 22:32 13531936 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-19 22:32 . 2013-02-19 22:32 7754560 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-19 22:32 . 2013-02-19 22:32 2577184 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-19 22:32 . 2013-02-19 22:32 1869088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-19 22:32 . 2013-02-19 22:32 19915552 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-19 22:32 . 2013-02-19 22:32 9184760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-19 22:32 . 2013-02-19 22:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-12 16:33 . 2013-02-12 16:10 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-02-12 05:45 . 2013-03-12 20:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-12 20:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-12 20:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-12 20:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 20:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-12 21:15 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-31 09:25 . 2010-07-09 16:27 6207776 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-31 09:25 . 2010-07-09 16:27 3300640 ----a-w- c:\windows\system32\nvsvc64.dll
2013-01-31 09:24 . 2010-07-09 16:27 878368 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-31 09:24 . 2010-07-09 16:27 118560 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-31 09:24 . 2010-02-17 09:47 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-01-31 09:24 . 2010-02-17 09:47 2558240 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-29 23:48 . 2013-01-29 23:48 46880 ----a-w- c:\windows\system32\drivers\fsbrldsp.sys
2013-01-29 23:47 . 2013-01-29 23:47 139744 ----a-w- c:\windows\system32\fsbrldspapi.dll
2013-01-21 11:12 . 2013-01-21 11:12 2177664 ----a-w- c:\windows\system32\coin93.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-06 138096]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 gwmvid;gwmvid;c:\windows\system32\DRIVERS\gwmvid.sys [2011-10-26 10560]
R3 gwrdmir;gwrdmir;c:\windows\system32\DRIVERS\gwrdmir.sys [2011-09-23 10048]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-22 42184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-27 1255736]
R4 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
R4 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-24 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2008-07-11 145448]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2013-01-05 50800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-30 17:10]
.
2013-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
2013-04-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
- c:\users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-06 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {76392179-60A8-462D-8961-B95C14DAADF4} - hxxps://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\
FF - prefs.js: browser.search.selectedEngine - Amazon (United Kingdom) Search Suggestions
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - ExtSQL: 2013-04-16 19:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-16 20:00; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:01; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:06; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:12; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-04-16 20:13; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:14; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:20; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
FF - ExtSQL: 2013-04-16 20:21; {E10A6337-382E-4FE6-96DE-936ADC34DD04}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
FF - ExtSQL: 2013-04-16 20:24; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-04-19 01:11; [email protected]; c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\vnbg9xzk.default-1366138591957\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-19 06:41:00
ComboFix-quarantined-files.txt 2013-04-19 05:41
ComboFix2.txt 2013-04-19 04:55
ComboFix3.txt 2013-04-19 03:40
ComboFix4.txt 2013-03-03 01:23
.
Pre-Run: 236,395,175,936 bytes free
Post-Run: 236,317,782,016 bytes free
.
- - End Of File - - 1479BE00C6B271194F90DB5E5A288BC5


Script ran with no problems.

Computer seems to be running slightly better

only things left that I can see it the rk quarantine folder and my user folder and other cleanup things like logs and programs etc etc

that is if you consider me clean now

Regards
Paul
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Pauldoc1975

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

Advertisements


#11
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi

Here is the report:

Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.6
Adobe Shockwave Player 12.0
ALCATEL PC Suite V6.3.28
AM-DeadLink 4.6
Any Video Converter 3.2.7
Apple Application Support
Apple Software Update
µTorrent
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Brother MFL-Pro Suite DCP-J715W
D3DX10
DVDStyler v2.3
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
FLVPlayer4Free Free FLV Player 4.8.0.0
Hotkey Utility
Identity Card
IrfanView (remove only)
JavaFX 2.1.1
Junk Mail filter update
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Messenger Companion
Microsoft Corporation
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NVIDIA ForceWare Network Access Manager
PhotoNow! 1.0
PowerDirector Express
PowerProducer
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.94
ScanSoft PaperPort 11
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Sentinel System Driver Installer 7.5.0
Skype™ 6.0
SnagIt 7
Spybot - Search & Destroy
SpywareBlaster 5.0
swMSM
TubeDigger 4.4.4
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.6
Welcome Center
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Xvid Video Codec


Regards
Paul
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


Adobe Reader X (10.1.6)
µTorrent
JavaFX 2.1.1

[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Update Adobe reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

#13
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi

uninstalled JavaFX
Uninstalled/updated Adobe Reader
Keeping the other

Did the other things on list

Here is the logs:

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Paul :: FAMILY2 [administrator]

19/04/13 20:52:36
mbam-log-2013-04-19 (20-52-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264757
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:59:06, on 19/04/13
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\Run: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} (PrintEngine ActiveX Control v4.2) - https://billcentre.v...printengine.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\Windows\SysWOW64\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9787 bytes
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\Run: [Facebook Update] "C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1253406721-2315796278-1497747152-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#15
Annoyance

Annoyance

    Member

  • Topic Starter
  • Member
  • PipPip
  • 84 posts
Hi

Completed the Hijackthis fixes and ran the Eset Online Scanner with No Threats Found :thumbsup:

aswell as the Rk_Quarintine folder and My User Folder i now have a folder named backups I assume this was normal and will be fixed cleared during cleanup :rolleyes:

Regards
Paul
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP