Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Linkury smartbar problem. Please help! [Solved]


  • This topic is locked This topic is locked

#1
kerrykitten

kerrykitten

    Member

  • Member
  • PipPip
  • 10 posts
Hi

Please can you help ? :help:

Internet explorer 9 keeps hanging on me and I think I may be infected.

I did have ie10 but found it was quite slow so downgraded

Ive found an addon that I cant remove and think it may have something to do with that?

Its called Linkury community smartbar :angry:

Have you come across it before and can you help me remove it?

Thanks so much, any help would be appreciated :thumbsup:

Kerry

Win7 64bit

OTL logfile created on: 13/06/2013 08:30:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.11% Memory free
15.99 Gb Paging File | 13.52 Gb Available in Paging File | 84.56% Paging File free
Paging file location(s): C:\pagefile.sys 6141 6141F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 168.60 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 196.90 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 40.96 Gb Free Space | 27.48% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/13 08:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
PRC - [2013/06/12 00:17:38 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/06/06 23:06:24 | 001,641,896 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/05 23:16:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013/01/22 20:15:34 | 003,979,072 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
PRC - [2013/01/15 19:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/04/26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
PRC - [2012/03/16 11:36:50 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2010/05/25 13:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/06 23:06:24 | 001,114,536 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/05/07 02:05:20 | 000,654,848 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/03/27 01:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/01/15 19:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 19:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 19:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 19:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2013/01/15 19:47:50 | 000,517,440 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\sqlite3.dll
MOD - [2013/01/15 19:47:44 | 001,230,144 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Scan.dll
MOD - [2012/12/11 18:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 18:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 18:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/29 02:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/08 00:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/04/26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Running] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/12 01:16:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/06 23:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/05 23:16:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/29 03:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/03/29 02:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/03/06 20:00:40 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/03/06 20:00:39 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/11/15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/11/08 00:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/05/18 20:08:29 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/05/18 20:07:49 | 000,043,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/08 02:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/12/29 13:37:44 | 000,035,120 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2011/12/15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/10/20 11:24:06 | 000,157,696 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\MxEFUF64.sys -- (MxEFUF)
DRV:64bit: - [2011/09/20 09:28:18 | 000,183,104 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CC3.sys -- (SaiK0CC3)
DRV:64bit: - [2011/05/25 00:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/22 08:19:36 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/04/22 08:19:36 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/04/22 08:19:32 | 000,041,096 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CC3.sys -- (SaiU0CC3)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/07 23:38:18 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2008/12/07 12:44:56 | 000,035,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2008/07/02 14:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2008/03/13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008/01/21 09:20:50 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2006/11/10 14:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 A9 01 4B D3 61 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.2
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Jim\AppData\Roaming\IDM\idmmzcc5 [2013/06/12 13:25:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Jim\AppData\Roaming\IDM\idmmzcc5 [2013/06/12 13:25:25 | 000,000,000 | ---D | M]

[2013/03/07 19:05:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\17ndzi5h.default\extensions
[2013/03/07 14:34:06 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\17ndzi5h.default\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\17NDZI5H.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\USERS\JIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\17NDZI5H.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2013/06/05 13:41:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] c:\program files\comodo\comodo internet security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [ProfilerU] c:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [Privacy Suite] C:\Program Files (x86)\CyberScrub Privacy Suite\CSPSeraser.exe (CyberScrub LLC)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSRiskMon - Shortcut.lnk = C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe (CyberScrub LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16:64bit: - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bit...qsax/qsax64.cab (Bitdefender QuickScan Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F584DA98-5D22-46EF-ABDF-4CD83496DF16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F584DA98-5D22-46EF-ABDF-4CD83496DF16}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/13 08:28:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2013/06/13 07:53:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/06/13 07:50:37 | 001,293,000 | ---- | C] (Reason Software Company Inc.) -- C:\Users\Jim\Desktop\ShouldIRemoveIt_Setup.exe
[2013/06/13 07:15:11 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\Re New Order 090613
[2013/06/12 13:25:24 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\IDM
[2013/06/12 13:25:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/12 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/06/12 13:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Download Manager
[2013/06/12 13:05:27 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\EQATEC Analytics
[2013/06/12 13:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2013/06/12 13:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedBit
[2013/06/09 20:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/08 13:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/06/08 12:28:47 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Diagnostics
[2013/06/07 14:50:46 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\VirtualStore
[2013/06/07 14:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2013/06/07 14:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Motive
[2013/06/07 14:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2013/06/05 16:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/06/05 13:48:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/05 13:41:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/28 17:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/28 17:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/16 18:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/16 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\COMODO
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/13 08:41:48 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/06/13 08:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\OTL.exe
[2013/06/13 08:16:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/13 07:50:40 | 001,293,000 | ---- | M] (Reason Software Company Inc.) -- C:\Users\Jim\Desktop\ShouldIRemoveIt_Setup.exe
[2013/06/12 17:56:57 | 000,801,406 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/12 17:56:57 | 000,680,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/12 17:56:57 | 000,128,718 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/12 17:56:43 | 000,801,406 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/12 16:53:45 | 000,020,968 | ---- | M] () -- C:\Users\Jim\AppData\Local\recently-used.xbel
[2013/06/12 13:29:05 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 13:29:05 | 000,019,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/12 13:21:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/12 13:21:44 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/12 13:20:36 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2013/06/12 13:03:18 | 000,109,696 | ---- | M] () -- C:\Windows\SysWow64\EasyHook64.dll
[2013/06/12 13:03:18 | 000,091,264 | ---- | M] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/06/11 14:55:21 | 000,001,437 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/09 20:31:05 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/05 16:44:25 | 006,802,915 | ---- | M] () -- C:\Users\Jim\AppData\Local\census.cache
[2013/06/05 16:43:46 | 000,086,360 | ---- | M] () -- C:\Users\Jim\AppData\Local\ars.cache
[2013/06/05 13:41:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/29 17:05:48 | 000,311,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/12 16:53:45 | 000,020,968 | ---- | C] () -- C:\Users\Jim\AppData\Local\recently-used.xbel
[2013/06/12 13:20:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2013/06/12 13:03:48 | 000,109,696 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2013/06/12 13:03:48 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/06/11 14:55:21 | 000,001,409 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/06/09 20:31:05 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/05/29 17:05:38 | 000,311,416 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/18 13:34:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/03/23 12:51:53 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/23 12:51:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/02/14 11:11:40 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/02/14 11:10:43 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013/02/08 15:09:02 | 000,000,113 | ---- | C] () -- C:\Windows\mgboss_reg.ini
[2013/02/08 15:05:11 | 000,000,021 | ---- | C] () -- C:\Windows\mgboss_win.ini
[2012/11/27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/06/24 18:21:13 | 000,000,032 | ---- | C] () -- C:\Users\Jim\.deskmetrics
[2012/06/23 11:56:35 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2012/06/23 11:56:35 | 000,000,025 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2012/03/30 10:52:01 | 000,000,700 | -HS- | C] () -- C:\Users\Jim\AppData\Local\systemFL7.dat
[2012/03/30 10:36:47 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nwsftUninstall.exe
[2012/03/28 09:05:28 | 000,801,406 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/10 14:07:29 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\PCProxyOff.ini
[2012/02/10 14:07:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\VistaInfo32.dll
[2012/02/03 09:55:49 | 000,003,203 | ---- | C] () -- C:\Windows\mozver.dat
[2012/01/24 11:53:08 | 000,002,496 | ---- | C] () -- C:\Windows\SysWow64\AVRedirector.ini
[2012/01/24 11:53:08 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\AVRedirectorOff.ini
[2012/01/20 13:28:58 | 006,802,915 | ---- | C] () -- C:\Users\Jim\AppData\Local\census.cache
[2012/01/20 13:25:25 | 000,086,360 | ---- | C] () -- C:\Users\Jim\AppData\Local\ars.cache
[2012/01/20 11:19:16 | 000,000,036 | ---- | C] () -- C:\Users\Jim\AppData\Local\housecall.guid.cache
[2012/01/20 10:23:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/20 10:23:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/20 10:23:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/20 10:23:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/20 10:23:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/14 15:22:30 | 000,005,632 | ---- | C] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/04 18:28:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/22 13:43:24 | 000,000,084 | ---- | C] () -- C:\Windows\csact.ini
[2011/07/22 13:33:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/09 22:10:55 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\A31DE1E9-CD4A-4992-B0E4-F62252B5DBBF
[2013/05/09 22:10:55 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Audacity
[2013/03/07 14:51:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\avidemux
[2013/02/14 11:24:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Babylon
[2011/07/22 13:43:49 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CyberScrub
[2013/06/13 07:43:09 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2013/02/08 15:38:08 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DriverCure
[2013/06/12 13:06:24 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EQATEC Analytics
[2013/03/18 16:23:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\EurekaLog
[2013/02/07 22:45:32 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GlarySoft
[2013/06/13 08:12:54 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2013/04/12 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IObit
[2013/02/08 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Machete Lite
[2011/08/22 16:59:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\OpenOffice.org
[2013/03/07 14:51:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Orbit
[2013/04/04 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Origin
[2011/08/17 17:34:37 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\ProgSense
[2013/01/22 20:34:59 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\QuickScan
[2013/02/01 12:01:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\S.A.D
[2012/10/30 20:03:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Safe Folder
[2012/12/16 21:53:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Thinstall
[2012/10/25 12:52:03 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uninstaller Tool(Comodo Forums)
[2013/01/17 20:17:20 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\URSoft
[2013/06/12 13:01:59 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2013/06/12 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\VSO

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:B4AF47A7
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B3D74A13
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879

< End of report >

OTL Extras logfile created on: 13/06/2013 08:30:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.11% Memory free
15.99 Gb Paging File | 13.52 Gb Available in Paging File | 84.56% Paging File free
Paging file location(s): C:\pagefile.sys 6141 6141F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 168.60 Gb Free Space | 72.43% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 196.90 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Drive H: | 149.05 Gb Total Space | 40.96 Gb Free Space | 27.48% Space Free | Partition Type: NTFS

Computer Name: JIM-PC | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\RocketDock\RocketDock.exe" = C:\Program Files (x86)\RocketDock\RocketDock.exe:*:Enabled:ipsec -- ()
"C:\Program Files (x86)\RocketDock\RocketDock.exe" = C:\Program Files (x86)\RocketDock\RocketDock.exe:*:Enabled:ipsec -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F62B32-D799-477F-971F-0C51E376F059}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{06FF1A81-88D9-46A1-B323-960F2974873E}" = lport=139 | protocol=6 | dir=in | app=system |
"{0B7AEC42-AED0-4488-9AEA-107EB2966ACE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14FC5F91-BDEA-464D-87D4-71C9D0FF22B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42025DAD-A666-4A64-9D69-6D2C9EFE5FF8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C3CCB98-AFE1-44BE-91C7-4C3A9D7CC070}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DEF059E-B512-4779-A529-1FA80D92DA97}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{59A80C45-568F-4850-8068-563568E913C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5BF1E164-0230-4DF6-A3E9-74C477161D46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FA27851-3223-4BB7-91A1-3D4BD410DF98}" = lport=445 | protocol=6 | dir=in | app=system |
"{6BBD9D6E-34EF-424C-AB52-8F70D9CBC1DC}" = lport=138 | protocol=17 | dir=in | app=system |
"{6C8B5046-372F-4AA0-BE52-061EDAA52982}" = rport=137 | protocol=17 | dir=out | app=system |
"{6D59E2AE-E058-4BCA-A42B-C13D18A4F8A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{874DCF6F-04C5-4DD5-8F63-836D2CF9EEE5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97889B38-21FC-442A-BA3E-3D46D2C00F35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7124105-DCFD-4F8D-A360-51F967AC1CA1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF4F9E72-84A4-4889-B6E3-A0A26B78200A}" = rport=139 | protocol=6 | dir=out | app=system |
"{B145522A-4546-421C-8248-7A93D980212A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8ACD28A-00FB-4416-93A0-86426085A07A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CE50ED13-F032-4BD9-8CC3-5907794A4E58}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D0967A94-D186-4A8F-A13D-BA3514C3D4D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{D706CB70-F824-425F-AF78-52FAC07CEABF}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9176DFF-EF18-45FE-8400-2F5CDE192210}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7C9DB3C-AB65-4762-AB3B-74B62B140494}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC3EED7F-CDF0-4B34-9CF2-716EADB1FEDF}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0616A3FA-291E-4430-8EA3-3E12CE7FA8D9}" = protocol=17 | dir=in | app=c:\users\jim\documents\downloads\programs\utorrent.exe |
"{0B2D0E02-C07C-4AE4-9E12-CB7C84781CB7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0C155330-5484-4784-BC61-31C05507AEEB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2567DEC4-0187-49BF-B5DB-D69812629183}" = protocol=1 | dir=out | [email protected],-28544 |
"{290C2BFB-3CE7-458A-A821-427331F4020E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30B74745-76A5-44CE-ABFE-DB20B0E0C858}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{37D8A9A7-F6B5-45D5-AC06-3140B9725DA9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{407A7A16-22FC-43E9-B5EE-ABDF6AFB4139}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44DDE207-8901-4145-81CF-708D478B96DB}" = protocol=6 | dir=out | app=system |
"{4A40EE4F-C3C6-436B-B259-4CFB262B1F83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64AFC433-A25A-4DC7-9149-6D9881F3EFE4}" = protocol=6 | dir=in | app=c:\users\jim\documents\downloads\programs\utorrent.exe |
"{6FBE02FA-ADBA-4720-84D1-0DAF859FB22C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{70A1EAF0-EB36-4806-A368-301EA303EB4D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72696860-5113-4C2D-B6D2-D0B0C36A6220}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86417016-7D28-4774-AFCC-19BD57CB1549}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8AACEBEE-EFCC-43CB-AF7B-BF833523CE67}" = protocol=58 | dir=in | [email protected],-28545 |
"{9894863A-ED1E-48E6-95C8-CD6A41D83518}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D6A2578-76C5-4124-9D8E-0B738D9C47DA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A758584F-0C65-429D-874A-B3332C15F850}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEC662AB-1249-43A7-953B-6705702B66B1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{AFB92DEF-8FD0-461A-A23D-17CBD04C5F32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B07398AB-6D9C-4DED-8A85-F55E6C39508E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B558918B-DDC4-497C-B43B-F0EAC443CADB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B5C7AC95-B71A-477B-AAD9-2CF6365B2AA5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{B6ECE2D8-FE60-4400-BF41-3C121EA1DD74}" = protocol=1 | dir=in | [email protected],-28543 |
"{B77174B6-1720-4E32-A589-D5E88C6FBC8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDEEBE2A-2583-4EB5-98D6-B5581A358172}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C04E968F-0E68-462F-AAFB-FC1FA66F6789}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2130377-33F0-4300-B75F-2CAC67293B32}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2F0F1B8-FA77-49F6-922E-0FC46A25A182}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{DB13A31E-FF0F-4430-BFA1-F05206906EA0}" = protocol=58 | dir=out | [email protected],-28546 |
"{E6B654EB-FFA5-4AB5-8AB9-2262D8E05AA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{3F27159B-84E8-4389-A94D-31B64647EC6A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{49F99948-0DA7-4C4B-A53E-0DB9AE978685}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{A42EEC87-6927-4E7B-9062-0ED3074D3AC2}C:\program files (x86)\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dap\dap.exe |
"TCP Query User{C997198F-7A10-4B4A-A7E3-A3B72772A8BD}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2C370F62-01DF-4469-9813-AE8C13E2C19D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{36CBE3AE-DEA5-4404-8E3E-D17ECD5AEE45}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{60AE1526-A64B-4705-8C13-F86904C2B16E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{ABB74595-B063-489D-855B-50A9DB154BC2}C:\program files (x86)\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dap\dap.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B16730D8-C156-46DF-860F-C5489C5ADEC5}" = Smart Technology Programming Software 7.0.0.26
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 2.0.1.9
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{63824BC0-B747-43F3-9863-1066D64AD919}" = Photo Gallery
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6A18FC1F-DFDC-4F76-96E0-58414F7C02EA}" = Contact Sheets 1.7.0.1
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}" = Movie Maker
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Internet Download Manager" = Internet Download Manager
"JBidwatcher_0" = JBidwatcher 2.5.3pre3
"OpenAL" = OpenAL
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 550" = Left 4 Dead 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.0
"Winrar 3.93" = Winrar 3.93

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/06/2013 14:41:18 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x638 Faulting application start time: 0x01ce621c2330a906 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 81ccfd75-ce0f-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:42:12 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x1248 Faulting application start time: 0x01ce621c51a71be0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: a215ed9a-ce0f-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:43:04 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x1540 Faulting application start time: 0x01ce621c7a6d7b08 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: c11d5859-ce0f-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:46:19 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x17dc Faulting application start time: 0x01ce621ce3cc2331 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 3523d1b4-ce10-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:52:09 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x2b0 Faulting application start time: 0x01ce621db964d8c8 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 060de1ce-ce11-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:52:50 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0xb68 Faulting application start time: 0x01ce621dd61eef87 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 1ead57da-ce11-11e2-a7c3-6cf049dc5530

Error - 05/06/2013 14:53:39 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x009bf787 Faulting
process id: 0x1070 Faulting application start time: 0x01ce621dee84de2b Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 3bdbdcfd-ce11-11e2-a7c3-6cf049dc5530

Error - 07/06/2013 08:13:01 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16576,
time stamp: 0x515e30fe Faulting module name: MSHTML.dll, version: 10.0.9200.16576,
time stamp: 0x515e45ac Exception code: 0xc0000005 Fault offset: 0x007cf5c8 Faulting
process id: 0x7e8 Faulting application start time: 0x01ce636ca6abe241 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Windows\system32\MSHTML.dll Report Id: 98e52315-cf6b-11e2-a7c3-6cf049dc5530

Error - 07/06/2013 09:51:00 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ProfilerU.exe, version: 7.0.0.26, time
stamp: 0x4bcf3037 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000022bfcf0 Faulting process id: 0x8ec Faulting
application start time: 0x01ce63860406cad2 Faulting application path: C:\Program
Files\Saitek\SD6\Software\ProfilerU.exe Faulting module path: unknown Report Id:
48bfa8c2-cf79-11e2-9aaf-6cf049dc5530

Error - 09/06/2013 14:47:27 | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ProfilerU.exe, version: 7.0.0.26, time
stamp: 0x4bcf3037 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000021bfd00 Faulting process id: 0x898 Faulting
application start time: 0x01ce6541c3f280a9 Faulting application path: C:\Program
Files\Saitek\SD6\Software\ProfilerU.exe Faulting module path: unknown Report Id:
076a04d4-d135-11e2-ade6-6cf049dc5530

[ Media Center Events ]
Error - 29/10/2011 03:49:22 | Computer Name = Jim-PC | Source = MCUpdate | ID = 0
Description = 08:49:22 - Error connecting to the internet. 08:49:22 - Unable
to contact server..

[ System Events ]
Error - 11/06/2013 11:43:53 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 11/06/2013 12:19:10 | Computer Name = Jim-PC | Source = DCOM | ID = 10016
Description =

Error - 11/06/2013 14:20:52 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 05:42:55 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 07:07:19 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 07:18:22 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 07:43:50 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 08:22:00 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 12/06/2013 13:42:07 | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 13/06/2013 02:42:19 | Computer Name = Jim-PC | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello XXX

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Thanks for getting back to me so quickly :thumbsup:

The toolbar has gone but ie is still a little slow to respond.

Here are the logs.

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 09:34:45
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jim - JIM-PC
# Boot Mode : Normal
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Jim\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jim\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Jim\AppData\Roaming\DriverCure

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\17ndzi5h.default\prefs.js

C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\17ndzi5h.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://www.claro-search.com/?affID=120129&babsrc=NT_ss&mntrId=6abe4[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
Deleted : user_pref("extensions.508588393355e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120129&babsrc[...]

*************************

AdwCleaner[S1].txt - [4275 octets] - [13/06/2013 09:34:45]

########## EOF - C:\AdwCleaner[S1].txt - [4335 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jim on 13/06/2013 at 9:44:25.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\linkurysmartbar.bandobjectattribute



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/06/2013 at 10:13:32.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kerrykitten

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Gringo

Had some issues with Combofix. After switching off comodo antivirus defense+ and sandbox then closing the program down completly,
Combofix still said there was an active scanner :confused:

There was nothing showing in the task manager so I ran it.

Also when i opened ie it said that the registry key was marked for deletion and wouldnt open, I did a restart it it works fine now :thumbsup:

Pc seems to be running fine other than that.

Thanks

Kerry


ComboFix 13-06-12.02 - Jim 13/06/2013 14:15:23.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2869 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 )))))))))))))))))))))))))))))))
.
.
2013-06-13 13:24 . 2013-06-13 13:24 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-13 13:24 . 2013-06-13 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-13 08:49 . 2013-06-13 08:49 -------- d-----w- c:\users\Jim\AppData\Local\ElevatedDiagnostics
2013-06-13 08:41 . 2013-06-13 08:41 -------- d-----w- c:\windows\ERUNT
2013-06-13 08:41 . 2013-06-13 08:44 -------- d-----w- C:\JRT
2013-06-12 12:25 . 2013-06-13 07:12 -------- d-----w- c:\users\Jim\AppData\Roaming\IDM
2013-06-12 12:25 . 2013-06-12 12:25 -------- d-----w- c:\program files (x86)\Internet Download Manager
2013-06-12 12:20 . 2013-06-12 12:20 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-06-12 12:05 . 2013-06-12 12:06 -------- d-----w- c:\users\Jim\AppData\Roaming\EQATEC Analytics
2013-06-12 12:03 . 2013-06-12 12:03 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-06-12 12:03 . 2013-06-12 12:03 109696 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2013-06-12 09:54 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:54 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 09:54 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 09:54 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 09:54 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 09:54 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 09:54 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-11 23:47 . 2013-06-11 23:47 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 23:47 . 2013-06-11 23:47 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 23:46 . 2013-06-11 23:46 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:46 . 2013-06-11 23:46 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:46 . 2013-06-11 23:46 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:46 . 2013-06-11 23:46 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 23:46 . 2013-06-11 23:46 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 23:46 . 2013-06-11 23:46 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 23:46 . 2013-06-11 23:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:46 . 2013-06-11 23:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:46 . 2013-06-11 23:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:46 . 2013-06-11 23:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-08 12:48 . 2013-06-08 12:49 -------- d-----w- c:\programdata\SUPERSetup
2013-06-08 11:28 . 2013-06-08 11:28 -------- d-----w- c:\users\Jim\AppData\Local\Diagnostics
2013-06-07 13:50 . 2013-06-07 13:50 -------- d-----w- c:\users\Jim\AppData\Local\VirtualStore
2013-06-07 13:47 . 2013-06-07 13:47 -------- d-----w- c:\programdata\Motive
2013-06-07 13:45 . 2013-06-07 13:45 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-06-07 13:38 . 2013-06-07 13:48 -------- d-----w- c:\program files\Common Files\Motive
2013-06-05 15:45 . 2013-06-05 15:45 -------- d-----w- c:\program files (x86)\Panda Security
2013-05-28 16:05 . 2013-05-28 16:06 -------- d-----w- c:\program files\CCleaner
2013-05-16 17:44 . 2013-05-16 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-16 17:44 . 2013-05-16 17:44 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-16 17:44 . 2013-05-16 17:44 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-16 16:59 . 2013-05-16 16:59 -------- d-----w- c:\users\Jim\AppData\Local\COMODO
2013-05-15 11:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 11:52 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 11:52 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 11:51 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 11:51 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 11:51 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 11:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 11:51 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 11:51 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 11:51 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 11:51 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 11:51 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:12 . 2011-07-22 13:12 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 00:16 . 2012-04-18 06:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 00:16 . 2011-07-22 13:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 12:41 . 2012-07-17 14:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 17:44 . 2011-07-25 06:45 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 10:49 . 2013-04-30 10:49 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 05:49 . 2013-05-15 11:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:31 . 2013-04-12 13:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-12 13:31 . 2013-04-12 13:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-12 13:31 . 2013-04-12 13:31 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-12 13:31 . 2013-04-12 13:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-12 13:31 . 2013-04-12 13:31 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-12 13:31 . 2013-04-12 13:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-12 13:31 . 2013-04-12 13:31 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-05 22:42 . 2013-03-23 15:43 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-05 22:42 . 2013-03-23 11:51 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-05 22:42 . 2013-03-23 11:51 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-05 22:16 . 2013-03-23 11:51 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2011-04-20 00:21 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2013-03-29 02:37 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2013-03-29 02:37 112440 ----a-w- c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2012-09-28 01:10 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2012-09-28 01:41 1155264 ----a-w- c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2012-09-28 01:43 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2012-09-28 01:22 8272136 ----a-w- c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2012-09-28 01:22 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2012-09-28 02:23 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2012-09-28 01:31 5000320 ----a-w- c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2012-09-28 01:25 6985624 ----a-w- c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 636416 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-19 17:49 . 2013-03-19 17:49 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSRiskMon - Shortcut.lnk - c:\program files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe [2011-10-7 2425072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x]
S3 SaiK0CC3;SaiK0CC3;c:\windows\system32\DRIVERS\SaiK0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CC3.sys [x]
S3 SaiU0CC3;SaiU0CC3;c:\windows\system32\DRIVERS\SaiU0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CC3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\saitek\sd6\software\profileru.exe" [2010-04-21 378880]
"COMODO Internet Security"="c:\program files\comodo\comodo internet security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F584DA98-5D22-46EF-ABDF-4CD83496DF16}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4096445543-934598942-808191007-1001_Classes\Wow6432Node\CLSID\{3181d569-fb93-4d2e-852b-5378c8c43c07}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000114
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4096445543-934598942-808191007-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c0,11,eb,e3,75,00,47,16,ec,06,a1,b2,d2,bb,b9,84,cc,54,8c,69,6d,
03,0e,c4,a0,a8,02,cf,76,96,79,cd,81,3e,d0,a1,d6,d4,77,8e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-06-13 14:32:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-13 13:32
.
Pre-Run: 177,234,227,200 bytes free
Post-Run: 177,347,211,264 bytes free
.
- - End Of File - - B03B9D5E6D39E0032D16DA2EF89C5205
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kerrykitten

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#7
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Gringo

I was a little bit unclear about the last instruction, what I did was
created a notepad file containing:

ClearJavaCache::

Saved it to desktop as CFScript.txt and dragged it into Combofix.

Is that correct? If it is correct here is the log file.


Thankyou


ComboFix 13-06-13.01 - Jim 14/06/2013 6:14.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4094.2945 [GMT 1:00]
Running from: c:\users\Jim\Desktop\ComboFix.exe
Command switches used :: c:\users\Jim\Desktop\CFScript.txt
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-05-14 to 2013-06-14 )))))))))))))))))))))))))))))))
.
.
2013-06-14 05:24 . 2013-06-14 05:24 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-06-14 05:24 . 2013-06-14 05:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-13 08:49 . 2013-06-13 08:49 -------- d-----w- c:\users\Jim\AppData\Local\ElevatedDiagnostics
2013-06-13 08:41 . 2013-06-13 08:41 -------- d-----w- c:\windows\ERUNT
2013-06-13 08:41 . 2013-06-13 08:44 -------- d-----w- C:\JRT
2013-06-12 12:25 . 2013-06-13 07:12 -------- d-----w- c:\users\Jim\AppData\Roaming\IDM
2013-06-12 12:25 . 2013-06-12 12:25 -------- d-----w- c:\program files (x86)\Internet Download Manager
2013-06-12 12:20 . 2013-06-12 12:20 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2013-06-12 12:05 . 2013-06-12 12:06 -------- d-----w- c:\users\Jim\AppData\Roaming\EQATEC Analytics
2013-06-12 12:03 . 2013-06-12 12:03 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-06-12 12:03 . 2013-06-12 12:03 109696 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2013-06-12 09:54 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 09:54 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 09:54 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 09:54 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 09:54 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 09:54 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 09:54 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-11 23:47 . 2013-06-11 23:47 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-11 23:47 . 2013-06-11 23:47 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-11 23:46 . 2013-06-11 23:46 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-11 23:46 . 2013-06-11 23:46 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-11 23:46 . 2013-06-11 23:46 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-11 23:46 . 2013-06-11 23:46 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-11 23:46 . 2013-06-11 23:46 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-11 23:46 . 2013-06-11 23:46 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-11 23:46 . 2013-06-11 23:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-11 23:46 . 2013-06-11 23:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-11 23:46 . 2013-06-11 23:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-11 23:46 . 2013-06-11 23:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-08 12:48 . 2013-06-08 12:49 -------- d-----w- c:\programdata\SUPERSetup
2013-06-08 11:28 . 2013-06-08 11:28 -------- d-----w- c:\users\Jim\AppData\Local\Diagnostics
2013-06-07 13:50 . 2013-06-07 13:50 -------- d-----w- c:\users\Jim\AppData\Local\VirtualStore
2013-06-07 13:47 . 2013-06-07 13:47 -------- d-----w- c:\programdata\Motive
2013-06-07 13:45 . 2013-06-07 13:45 -------- d-----w- c:\program files (x86)\Common Files\Motive
2013-06-07 13:38 . 2013-06-07 13:48 -------- d-----w- c:\program files\Common Files\Motive
2013-06-05 15:45 . 2013-06-05 15:45 -------- d-----w- c:\program files (x86)\Panda Security
2013-05-28 16:05 . 2013-05-28 16:06 -------- d-----w- c:\program files\CCleaner
2013-05-16 17:44 . 2013-05-16 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-16 17:44 . 2013-05-16 17:44 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-16 17:44 . 2013-05-16 17:44 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-16 16:59 . 2013-05-16 16:59 -------- d-----w- c:\users\Jim\AppData\Local\COMODO
2013-05-15 11:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 11:52 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 11:52 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 11:51 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 11:51 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 11:51 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 11:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 11:51 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 11:51 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 11:51 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 11:51 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 11:51 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 11:12 . 2011-07-22 13:12 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 00:16 . 2012-04-18 06:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 00:16 . 2011-07-22 13:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 12:41 . 2012-07-17 14:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 17:44 . 2011-07-25 06:45 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-30 10:49 . 2013-04-30 10:49 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 05:49 . 2013-05-15 11:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:31 . 2013-04-12 13:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-12 13:31 . 2013-04-12 13:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-12 13:31 . 2013-04-12 13:31 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-12 13:31 . 2013-04-12 13:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-12 13:31 . 2013-04-12 13:31 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-12 13:31 . 2013-04-12 13:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-12 13:31 . 2013-04-12 13:31 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-05 22:42 . 2013-03-23 15:43 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-04-05 22:42 . 2013-03-23 11:51 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2011-04-20 00:21 139696 ----a-w- c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2013-03-29 02:37 118584 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2013-03-29 02:37 112440 ----a-w- c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2012-09-28 01:10 92304 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2012-09-28 01:41 1155264 ----a-w- c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2012-09-28 01:43 970912 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2012-09-28 01:22 8272136 ----a-w- c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2013-03-29 02:36 7233336 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2012-09-28 01:22 4450264 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2012-09-28 02:23 5944264 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2012-09-28 01:31 5000320 ----a-w- c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2012-09-28 01:25 6985624 ----a-w- c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35 11658752 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13 222720 ----a-w- c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13 64000 ----a-w- c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12 29150720 ----a-w- c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2013-03-29 02:10 23810560 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09 54784 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04 24229376 ----a-w- c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00 76800 ----a-w- c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2013-03-29 01:51 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48 19870720 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35 562688 ----a-w- c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34 241152 ----a-w- c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33 120320 ----a-w- c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32 59392 ----a-w- c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 636416 ----a-w- c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 430080 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10 44032 ----a-w- c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2013-03-29 01:09 34816 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09 581120 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-03-19 17:49 . 2013-03-19 17:49 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSRiskMon - Shortcut.lnk - c:\program files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe [2011-10-7 2425072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys;c:\windows\SYSNATIVE\Drivers\btnetBus.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys;c:\windows\SYSNATIVE\Drivers\IvtBtBus.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys;c:\windows\SYSNATIVE\DRIVERS\ManyCam_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys;c:\windows\SYSNATIVE\Drivers\BtHidBus.sys [x]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys;c:\windows\SYSNATIVE\DRIVERS\MxEFUF64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0728.sys [x]
S3 SaiK0CC3;SaiK0CC3;c:\windows\system32\DRIVERS\SaiK0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0CC3.sys [x]
S3 SaiU0CC3;SaiU0CC3;c:\windows\system32\DRIVERS\SaiU0CC3.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU0CC3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProfilerU"="c:\program files\saitek\sd6\software\profileru.exe" [2010-04-21 378880]
"COMODO Internet Security"="c:\program files\comodo\comodo internet security\cfp.exe" [2012-11-07 9577680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F584DA98-5D22-46EF-ABDF-4CD83496DF16}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4096445543-934598942-808191007-1001_Classes\Wow6432Node\CLSID\{3181d569-fb93-4d2e-852b-5378c8c43c07}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000114
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4096445543-934598942-808191007-1001_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):c0,11,eb,e3,75,00,47,16,ec,06,a1,b2,d2,bb,b9,84,cc,54,8c,69,6d,
03,0e,c4,a0,a8,02,cf,76,96,79,cd,81,3e,d0,a1,d6,d4,77,8e,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-14 06:27:25
ComboFix-quarantined-files.txt 2013-06-14 05:27
.
Pre-Run: 177,180,168,192 bytes free
Post-Run: 177,105,166,336 bytes free
.
- - End Of File - - 7C5A52750817C6B5B2C3E789BE328E56
A36C5E4F47E84449FF07ED3517B43A31
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kerrykitten

You did very well!! Now I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Gringo

Here's the report :thumbsup:

Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Advanced SystemCare 6
µTorrent
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Contact Sheets 1.7.0.1
D3DX10
Internet Download Manager
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 29
JBidwatcher 2.5.3pre3
Junk Mail filter update
Left 4 Dead 2
Microsoft Office Excel Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA PhysX
OpenAL
Photo Common
Photo Gallery
Realtek HDMI Audio Driver for ATI
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VLC media player 2.0.0
VSO Image Resizer 2.0.1.9
Windows Live Communications Platform
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Winrar 3.93
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove


µTorrent
Java™ 6 Update 22
Java™ 6 Update 29


[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic



"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

Advertisements


#11
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Gringo

I had no problems and system seems to running fine now.

Thanks :thumbsup:


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: JIM-PC [administrator]

Protection: Disabled

14/06/2013 17:05:49
mbam-log-2013-06-14 (17-05-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232749
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Detected: 0
(No items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:12:55, on 14/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\CyberGhost VPN\CyberGhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\Jim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\RunOnce: [Privacy Suite] "C:\Program Files (x86)\CyberScrub Privacy Suite\CSPSeraser.exe" "/R:C:\Users\Jim\AppData\Roaming\CyberScrub\Privacy Suite"
O4 - Startup: CSRiskMon - Shortcut.lnk = C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bit...m/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F584DA98-5D22-46EF-ABDF-4CD83496DF16}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7679 bytes
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#13
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Gringo

All done as instructed and eset found nothing :thumbsup:

Very happy :whistling:
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kerrykitten

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.



:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:


It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them
Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java



The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0

#15
kerrykitten

kerrykitten

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hey Gringo

All done. Thankyou so much for your help you've been outstanding.

This thread can now be closed.

Thanks again

Kerry
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP