Quick Screen flashes, maxed out, can't run OTL even in safe mode.


  • This topic is locked

#16
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
FIREFOX is slower than normal
  • 0


#17
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For the associations go to this page

And from the table select the associations that you need to repair
This will download a small reg file
Right click and select run as administrator

Once done we will then look at the speed problem
  • 0

#18
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
OK I will be home today about 11am my time
  • 0

#19
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Ok looks like I took care of them. Would you like to do a HJT file?
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No need for that as the last OTL looked good :)

What problems remain now?
  • 0

#21
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Well it seems to be pretty good. Mouse a little quirky, like a mind of its own sometimes, 72 Processes, CPU at 1%, Phys Memory at 50% but it doesn't seem to be spinning up like before. These are some that I was wondering about? The others I saw are gone now. I'm still seeing a screen flash flicker on both screens.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Don't have sidebar (I'm assuming Gadgets?)

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

These because of the funky -res://C:\ and & symbols, noname, {267xxxxxx} - C type entry "I do use bluetooth, adobe and micro"

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
  • 0

#22
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Sorry...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
  • 0

#23
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's go through them. You have Windows 7, so it will keep as much data in memory as possible. This makes for a smoother running system.

Dual monitor flicker, do you have the latest video drivers?

Sidebar and mctadmin will always run but use no memory

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

These are just options for IE and are not in use


IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local

These can be removed with OTL but are of no import
  • 0
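
Added example, not part of the original thread and not code from HijackThis or OTL: a small Python triage pass over HijackThis-style lines like the ones posted above, tagging each with the standard meaning of its section code and the traits raised in the discussion (orphaned `(no file)` registrations, `res://` resources, empty values, autostart entries under service-account SIDs). The `Entry` class and the flag names are illustrative assumptions; the sample lines are copied from the log in post #22.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Standard meanings of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "R0": "IE-related registry value",
    "R1": "IE-related registry value",
    "R3": "URL search hook",
    "O4": "autostart entry (Run/RunOnce key or Startup folder)",
    "O8": "extra item in the IE right-click menu",
    "O9": "extra IE toolbar button or Tools menu item",
    "O11": "extra group in IE Advanced Options",
}

# Well-known service-account SIDs seen in the O4 lines.
SERVICE_SIDS = {"S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
RES_RE = re.compile(r"res://(.+?\.(?:dll|exe))/", re.IGNORECASE)
SID_RE = re.compile(r"HKUS\\(S-1-5-\d+)\\")


@dataclass
class Entry:
    code: str                       # section code, e.g. "O8"
    meaning: str                    # what that section lists
    body: str                       # rest of the line, unmodified
    clsid: Optional[str] = None     # COM class id, if the line names one
    res_host: Optional[str] = None  # file that hosts a res:// resource
    flags: List[str] = field(default_factory=list)  # hypothetical flag names


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for prose or blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = Entry(code, SECTIONS.get(code, "unknown section"), body)

    clsid = CLSID_RE.search(body)
    if clsid:
        entry.clsid = clsid.group(0)

    res = RES_RE.search(body)
    if res:
        # res:// loads an HTML resource embedded in this DLL or EXE.
        entry.res_host = res.group(1)
        entry.flags.append("res-url")
    if "(no file)" in body:
        # Registration left behind with nothing on disk to load.
        entry.flags.append("orphaned")
    if "(no name)" in body:
        entry.flags.append("unnamed")
    if body.rstrip().endswith("="):
        entry.flags.append("empty-value")

    sid = SID_RE.search(body)
    if sid and sid.group(1) in SERVICE_SIDS:
        entry.flags.append("service-account:" + SERVICE_SIDS[sid.group(1)])
    return entry


def triage(log_text: str) -> List[Entry]:
    """Parse every recognisable line of a pasted log, skipping the rest."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registration points at no file."""
    return [e for e in entries if "orphaned" in e.flags]


# Sample input: lines copied from the log in post #22 of this thread.
SAMPLE_LOG = r"""Sorry...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<3} {e.meaning:<52} {','.join(e.flags) or '-'}")
```
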

#24
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Ok how to remove with OTL, I'm used to HJT. Yes I have updated drivers, just that it never flickered before until this. Same with mouse funniness. I just remember back in 2006 my first virus, it was doing kinda the same thing. It took crustyoldblot and me like a month.
  • 0

#25
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Although I feel there is nothing left, let's run one more programme

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()


    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0


#26
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Ok I ran OTL done with log. Then ran combofix, which I didn't know was still around for 7... used to use that myself. The thing is on reboot and creating log it has hung up. I did this as soon as you posted. So not sure of time difference your last post was 133pm it is now 403pm my time. What should I do? "Preparing log report, do not run any programs until finished" it's been like that for at least an hour. Also it deleted three files. Oh also I'm on my laptop...
  • 0

#27
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
Ok here it is. OTL and combo

All processes killed
Error: Unable to interpret <IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!
Error: Unable to interpret <O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\AMUN-RE\Desktop\cmd.bat deleted successfully.
C:\Users\AMUN-RE\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: AMUN-RE
->Temp folder emptied: 1107 bytes
->Temporary Internet Files folder emptied: 596890 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 180836228 bytes
->Google Chrome cache emptied: 69137899 bytes
->Flash cache emptied: 899 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 541759 bytes
RecycleBin emptied: 114712 bytes

Total Files Cleaned = 240.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: AMUN-RE
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06102011_144158

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 11-06-10.05 - AMUN-RE 06/10/2011 14:56:34.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1902 [GMT -4:00]
Running from: c:\users\AMUN-RE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AMUN-RE\AppData\Roaming\inst.exe
M:\Autorun.inf
M:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-10 19:10 . 2011-06-10 19:11 -------- d-----w- c:\users\AMUN-RE\AppData\Local\temp
2011-06-10 19:10 . 2011-06-10 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-10 19:10 . 2011-06-10 19:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-06-10 18:50 . 2011-06-10 18:52 -------- d-----w- C:\32788R22FWJFW
2011-06-10 18:41 . 2011-06-10 18:41 -------- d-----w- C:\_OTL
2011-06-09 21:56 . 2011-05-09 17:46 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1B37CDA-FF42-4BC0-8C95-C1B0E088E099}\mpengine.dll
2011-06-08 21:48 . 2011-06-08 21:48 -------- d-----w- C:\_OTS
2011-06-07 02:10 . 2010-11-09 18:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-07 02:10 . 2010-11-09 18:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-06-07 00:06 . 2011-06-07 00:10 -------- d-----w- c:\program files\SpywareBlaster
2011-06-06 20:11 . 2011-06-06 20:11 -------- d-----w- c:\program files\ESET
2011-06-06 19:32 . 2011-06-06 19:32 -------- d-----w- c:\program files\Trend Micro
2011-06-05 14:20 . 2011-06-05 14:20 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2011-06-05 03:39 . 2011-06-05 03:39 -------- d-----w- c:\users\AMUN-RE\AppData\Roaming\SUPERAntiSpyware.com
2011-06-05 03:39 . 2011-06-05 03:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-05 03:38 . 2011-06-05 03:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-31 09:11 . 2011-05-31 09:18 -------- d-----w- c:\program files\FileZilla Server
2011-05-30 11:37 . 2011-05-30 11:38 -------- d-----w- c:\users\Default\AppData\Roaming\onOne Software
2011-05-30 11:34 . 2011-05-30 11:35 -------- d-----w- c:\users\Administrator\AppData\Roaming\onOne Software
2011-05-30 11:24 . 2011-05-17 14:13 227840 ----a-w- c:\windows\system32\Deco_32.dll
2011-05-30 11:22 . 2011-05-17 14:17 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2011-05-30 01:55 . 2011-05-30 01:55 -------- d-----w- c:\users\Administrator\AppData\Local\LogMeIn
2011-05-27 17:34 . 2011-05-27 17:34 -------- d-----w- C:\androidsdk
2011-05-26 05:11 . 2011-05-30 12:00 -------- d-----w- c:\users\AMUN-RE\AppData\Roaming\Alien Skin
2011-05-26 04:35 . 2011-05-30 12:00 -------- d-----w- c:\users\AMUN-RE\AppData\Local\Alien Skin
2011-05-25 04:21 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-25 00:13 . 2011-05-25 00:13 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
2011-05-25 00:03 . 2011-06-07 16:32 -------- d-----w- c:\users\AMUN-RE\SecurityScans
2011-05-23 23:28 . 2011-05-23 23:28 -------- d-----w- c:\programdata\ATI
2011-05-23 23:27 . 2011-05-23 23:27 -------- d-----w- c:\program files\AMD APP
2011-05-21 05:14 . 2011-01-30 04:35 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7E7B6B15-BCAD-48C1-99D7-ABF558A5197F}\gapaengine.dll
2011-05-20 05:07 . 2011-06-10 18:48 -------- d-----r- c:\users\AMUN-RE\Dropbox
2011-05-20 02:54 . 2011-05-20 02:55 -------- d-----w- c:\programdata\Alien Skin
2011-05-20 02:49 . 2011-05-26 04:32 -------- d-----w- c:\program files\Alien Skin
2011-05-17 17:55 . 2011-05-17 17:55 -------- d-----w- c:\users\AMUN-RE\AppData\Roaming\Laconic Software
2011-05-16 21:58 . 2011-05-31 15:15 -------- d-----w- c:\users\AMUN-RE\AppData\Local\eSupport.com
2011-05-16 17:27 . 2011-05-16 17:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-15 22:33 . 2011-05-15 22:33 -------- d-----w- c:\users\AMUN-RE\AppData\Local\Broadcom
2011-05-15 22:30 . 2011-05-15 22:24 20008 ----a-w- c:\windows\system32\btwcoins.dll
2011-05-15 22:30 . 2011-05-15 22:24 93224 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2011-05-15 22:30 . 2011-05-15 22:24 33832 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2011-05-15 22:30 . 2011-05-15 22:24 302120 ----a-w- c:\windows\system32\drivers\btwampfl.sys
2011-05-15 22:30 . 2011-05-15 22:24 114728 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2011-05-15 22:30 . 2011-05-15 22:24 18728 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2011-05-15 22:26 . 2011-05-15 22:26 -------- d-----w- c:\program files\WIDCOMM
2011-05-15 20:29 . 2011-05-15 20:33 -------- d-----w- c:\windows\WindowsMobile
2011-05-14 08:11 . 2011-05-14 08:11 -------- d-----w- c:\users\AMUN-RE\AppData\Roaming\Mael
2011-05-14 07:27 . 2011-05-14 07:27 -------- d-----w- c:\program files\HxD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 13:11 . 2011-02-08 19:33 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-02-08 19:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-09 17:46 . 2011-01-06 22:34 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-30 19:26 . 2011-04-30 19:34 6904040 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-04-26 19:28 . 2008-08-14 11:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
2011-04-21 09:46 . 2011-04-21 09:48 16791288 ----a-w- c:\users\AMUN-RE\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox\Dropbox 1.1.24.exe
2011-04-21 07:58 . 2011-04-21 07:58 3584 ----a-r- c:\users\AMUN-RE\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-04-20 02:43 . 2011-04-20 02:43 7772160 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-04-20 02:10 . 2011-04-20 02:10 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-04-20 02:10 . 2011-04-20 02:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-20 02:10 . 2011-04-20 02:10 12385280 ----a-w- c:\windows\system32\amdocl.dll
2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-04-20 02:09 . 2010-11-26 02:58 676864 ----a-w- c:\windows\system32\aticfx32.dll
2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\system32\atioglxx.dll
2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-04-20 02:04 . 2011-04-20 02:04 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-04-20 02:04 . 2011-04-20 02:04 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-04-20 02:02 . 2011-04-20 02:02 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-04-20 02:02 . 2011-04-20 02:02 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-04-20 01:59 . 2010-11-26 02:49 4161536 ----a-w- c:\windows\system32\atidxx32.dll
2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\system32\aticaldd.dll
2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\system32\atiumdmv.dll
2011-04-20 01:38 . 2011-04-20 01:38 4286464 ----a-w- c:\windows\system32\atiumdag.dll
2011-04-20 01:30 . 2011-04-20 01:30 4056576 ----a-w- c:\windows\system32\atiumdva.dll
2011-04-20 01:26 . 2010-11-26 02:24 52736 ----a-w- c:\windows\system32\coinst.dll
2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\system32\atiadlxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-04-20 01:22 . 2011-04-20 01:22 243712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-04-20 01:21 . 2010-11-26 02:15 31232 ----a-w- c:\windows\system32\atiuxpag.dll
2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-04-13 19:02 . 2011-04-13 19:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-13 19:02 . 2011-04-13 19:02 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2011-04-09 06:02 . 2011-05-10 21:52 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-10 21:52 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 03:06 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 03:02 . 2011-04-09 03:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
2011-04-09 03:01 . 2011-04-09 03:01 40448 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 11:32 . 2011-03-26 08:41 118784 ----a-w- c:\windows\dsdxirmv.exe
2011-03-25 16:42 . 2011-01-05 04:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-25 02:58 . 2011-05-10 21:52 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 02:58 . 2011-05-10 21:52 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 02:58 . 2011-05-10 21:52 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 02:57 . 2011-05-10 21:52 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 02:57 . 2011-05-10 21:52 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 02:57 . 2011-05-10 21:52 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-03-20 16:28 . 2011-03-20 16:28 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-20 16:28 . 2011-03-20 16:28 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-20 16:28 . 2011-03-20 16:28 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-20 16:28 . 2011-03-20 16:28 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-20 16:28 . 2011-03-20 16:28 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-20 16:28 . 2011-03-20 16:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-20 16:28 . 2011-03-20 16:28 367104 ----a-w- c:\windows\system32\html.iec
2011-03-20 16:28 . 2011-03-20 16:28 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-20 16:28 . 2011-03-20 16:28 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-20 16:28 . 2011-03-20 16:28 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-20 16:28 . 2011-03-20 16:28 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-20 16:28 . 2011-03-20 16:28 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-20 16:28 . 2011-03-20 16:28 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-20 16:28 . 2011-03-20 16:28 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-20 16:28 . 2011-03-20 16:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-20 16:28 . 2011-03-20 16:28 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-20 16:28 . 2011-03-20 16:28 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-20 16:28 . 2011-03-20 16:28 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-20 16:28 . 2011-03-20 16:28 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-20 16:28 . 2011-03-20 16:28 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-20 16:28 . 2011-03-20 16:28 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-06 06:24 . 2011-05-06 06:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\AMUN-RE\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NUSB3MON"="c:\program files\Rocketfish\USB 3.0 PCI Express Card Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-04-26 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\AMUN-RE\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^AMUN-RE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\AMUN-RE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2011-01-31 04:36 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMonitor]
2010-08-25 16:27 84464 ----a-w- c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Disc Tool]
2010-06-30 14:10 477680 ----a-w- c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 00:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-01-23 04:06 136176 ----atw- c:\users\AMUN-RE\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 19:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2010-04-16 21:43 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-01-24 18:35 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Send]
2010-07-20 18:18 236816 ----a-w- c:\program files\Memeo\Memeo Send\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 18:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2010-07-16 11:48 307184 ----a-w- c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 13:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
R1 MpKsl0df59e29;MpKsl0df59e29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A835287-E3AA-478E-BD69-BDD8FC227F6F}\MpKsl0df59e29.sys [x]
R1 MpKsl6bcdaee3;MpKsl6bcdaee3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5406E0D0-7F28-4307-A7A5-A28E3B88B340}\MpKsl6bcdaee3.sys [x]
R1 MpKsl822ba575;MpKsl822ba575;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37B74214-E5C3-44D2-BEDE-CD76ADCD5324}\MpKsl822ba575.sys [x]
R1 MpKsl9cd01731;MpKsl9cd01731;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642D11C1-66E4-4877-83C4-65B25CF45354}\MpKsl9cd01731.sys [x]
R1 MpKslbc48ae61;MpKslbc48ae61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BC7E6212-5E4E-485F-95A6-2A61B4B0F300}\MpKslbc48ae61.sys [x]
R1 MpKslcc5ce259;MpKslcc5ce259;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B15D2DCE-5507-4557-8EA7-4B9E58B9F18A}\MpKslcc5ce259.sys [x]
R1 MpKslcda88a4b;MpKslcda88a4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8050406-DA08-4150-BE65-B2D06EE9902F}\MpKslcda88a4b.sys [x]
R1 MpKsldfe103ed;MpKsldfe103ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17AF0E18-E757-412B-A3EB-0E3437877D13}\MpKsldfe103ed.sys [x]
R1 MpKslec488897;MpKslec488897;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FC9CAA1-D4D0-4A7B-A9F5-154935A8608F}\MpKslec488897.sys [x]
R1 MpKslf7052d89;MpKslf7052d89;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5406E0D0-7F28-4307-A7A5-A28E3B88B340}\MpKslf7052d89.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Firefox Service;Firefox Service;c:\users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]\svc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2011-04-26 288112]
R3 BTCFilterService;USB Networking Driver Filter Service; [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 45736]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-05-15 302120]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-15 33832]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver; [x]
R3 motccgpfl;MotCcgpFlService; [x]
R3 Motousbnet;Motorola USB Networking Driver Service; [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [2007-04-27 275968]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 375808]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;c:\windows\system32\DRIVERS\mrv8ka51.sys [2005-01-06 310656]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-03 1343400]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-05-17 66560]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-10-22 1275584]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 40448]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [2010-09-17 13408]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 04:06]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 04:06]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000Core.job
- c:\users\AMUN-RE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 04:06]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2792430508-956531303-3221676133-1000UA.job
- c:\users\AMUN-RE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-20 04:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
FF - ProfilePath - c:\users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSConfigStartUp-BitTorrent - D:\BitTorrent.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2792430508-956531303-3221676133-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED5C32B8-A299-383F-8D85-24C6F431DC43}*]
@Allowed: (Read) (RestrictedCode)
"iafdobjdplfiljpoil"=hex:6a,61,62,6b,64,65,64,6b,65,66,6f,70,61,6a,6b,68,6c,68,
6b,70,00,00
"hapdlcelafcnemag"=hex:6a,61,62,6b,64,65,64,6b,65,66,6f,70,61,6a,6b,68,6c,68,
6b,70,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-10 16:25:31
ComboFix-quarantined-files.txt 2011-06-10 20:25
.
Pre-Run: 6,302,584,832 bytes free
Post-Run: 6,191,116,288 bytes free
.
- - End Of File - - A58A8B9FD6EA88004D7E9A5BF8C6AB56

Edited by cradl, 10 June 2011 - 03:08 PM.

  • 0
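An added example, not part of the original post and not ComboFix's own code: a small parser for the driver/service lines of the log above that lists entries with no file date and size, and entries whose binary sits in a user profile. It assumes `[x]` means the file details could not be read and that the digit is the Windows service Start value; the R/S letter is kept uninterpreted, and all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six driver/service lines copied from the log above,
# plus one unrelated line that the parser must skip.
SAMPLE_LOG = r"""
R1 MpKsl0df59e29;MpKsl0df59e29;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A835287-E3AA-478E-BD69-BDD8FC227F6F}\MpKsl0df59e29.sys [x]
R2 Firefox Service;Firefox Service;c:\users\AMUN-RE\AppData\Roaming\Mozilla\Firefox\Profiles\jatfysgo.default\extensions\[email protected]\svc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R3 motccgp;Motorola USB Composite Device Driver; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
Contents of the 'Scheduled Tasks' folder
"""

# Assumption: the digit after R/S is the Windows service "Start" value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# <letter><digit> <name>;<display name>;<path> [<date> <size>]   or   ... [x]
# The closing bracket is anchored at end of line because a path may contain "[".
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.*?) \[(?:x|(\d{4}-\d{2}-\d{2}) (\d+))\]$"
)


@dataclass
class ServiceEntry:
    status: str               # raw R/S letter, deliberately not interpreted
    start: str                # start type name from START_TYPES
    name: str
    display: str
    path: str                 # empty when the log lists no image path
    file_date: Optional[str]  # None when the log shows [x]
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per driver/service line; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        status, start, name, display, path, date, size = m.groups()
        entries.append(ServiceEntry(
            status, START_TYPES[int(start)], name, display.strip(),
            path.strip(), date, int(size) if size else None))
    return entries


def triage(entries: List[ServiceEntry]) -> Dict[str, List[str]]:
    """Group service names that a reviewer would want to look at first."""
    return {
        # Registered service or driver with no readable file behind it.
        "no_file_info": [e.name for e in entries if e.file_date is None],
        # Service binary located under a user profile instead of a system path.
        "in_user_profile": [e.name for e in entries
                            if re.match(r"^[a-z]:\\users\\", e.path, re.I)],
    }


if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(bucket, names)
```
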

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it still flickering between monitors ?
  • 0

#29
cradl

    Member

  • Topic Starter
  • Member
  • 279 posts
I haven't noticed it but just got back on it. What's it look like??? What was it and how, what did it do?
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nothing of import was found - I believe you are now clear of malware. If it is still flickering we might look at the video drivers.

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All programs > Accessories > system tools page
  • Select Performance Information and Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0





