
Computer slow & non-responsive, fast64.dll?

Discussion in 'Virus and Malware Removal' started by Yogin, Oct 8, 2012.

  1. Yogin Newcomer, in training Posts: 56

    ComboFix 12-10-08.03 - living room 10/08/2012 19:41:17.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2014.984 [GMT -5:00]
    Running from: c:\users\living room\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\ccrpTmr6.dll
    c:\windows\SysWow64\SET75E7.tmp
    c:\windows\SysWow64\SET7BD6.tmp
    c:\windows\SysWow64\SET7BF8.tmp
    c:\windows\SysWow64\SET7DA4.tmp
    c:\windows\SysWow64\SET9D4C.tmp
    c:\windows\SysWow64\SETA27C.tmp
    c:\windows\SysWow64\SETD5A9.tmp
    c:\windows\SysWow64\SETE4C0.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-09 00:52 . 2012-10-09 00:55 -------- d-----w- c:\users\living room\AppData\Local\temp
    2012-10-09 00:52 . 2012-10-09 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-09 00:35 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2017E-6162-4488-955D-9D5176979D2B}\mpengine.dll
    2012-10-08 18:09 . 2012-10-08 18:09 -------- d-----w- c:\programdata\Yahoo! Companion
    2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\programdata\ATI
    2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\program files (x86)\AMD AVT
    2012-09-20 18:37 . 2012-10-06 04:31 -------- d-----w- c:\program files (x86)\Analog Devices
    2012-09-20 18:37 . 2007-11-12 19:27 49152 ----a-w- c:\windows\SysWow64\DSndUp.exe
    2012-09-20 03:49 . 2012-10-08 23:36 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-09-20 03:49 . 2012-10-08 23:36 -------- d-----w- c:\program files (x86)\Steam
    2012-09-20 03:00 . 2012-09-20 03:00 -------- d-----w- c:\program files (x86)\2K Games
    2012-09-18 02:11 . 2012-09-19 18:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2012-09-16 18:33 . 2012-09-16 18:33 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-16 18:33 . 2012-09-16 18:33 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-16 18:33 . 2012-09-16 18:33 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-16 18:33 . 2012-09-16 18:33 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-16 18:33 . 2012-09-16 18:33 -------- d-----w- c:\program files\Java
    2012-09-16 18:30 . 2012-09-16 18:33 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-16 18:30 . 2012-09-16 18:33 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-09 02:27 . 2012-09-09 02:27 -------- dc-h--w- c:\programdata\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    2012-09-09 02:24 . 2012-09-09 02:24 -------- dc-h--w- c:\programdata\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    2012-09-09 02:23 . 2012-09-09 02:23 -------- dc-h--w- c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-09 00:20 . 2012-07-18 18:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 00:20 . 2012-07-18 18:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-29 01:24 . 2012-07-03 14:32 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-29 01:24 . 2011-11-30 13:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
    2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-07-13 17:26 . 2012-07-13 17:26 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-07-13 17:26 . 2012-07-13 17:26 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-07-13 17:26 . 2012-07-13 17:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-07-13 17:25 . 2012-07-13 17:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-13 17:25 . 2012-07-13 17:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-07-13 17:25 . 2012-07-13 17:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2009-10-16 16:46 97072 ----a-w- c:\program files (x86)\Nero\Tools\InCD\NBHshx.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-11-18 13599872]
    "SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2012-07-31 428928]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "AsioReg"="CTASIO.DLL" [2002-07-19 106496]
    "KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
    "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi2"=KORGUM64.DRV
    "midi5"=KORGUM64.DRV
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
    S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 36432]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 00:20]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
    .
    2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
    .
    2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_living room.job
    - c:\users\living room\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 23:37]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2009-10-16 16:46 110384 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi2"=KORGUM64.DRV
    "midi5"=KORGUM64.DRV
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    FF - ProfilePath - c:\users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
    "ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
    "ImagePath"="c:\program files (x86)\Winstep\WsxService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
    36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
    8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
    aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:3f,f8,86,8c,a7,06,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
    .
    [HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0c\00\04\17+\1aß"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Nero\Tools\InCD\InCDSrv.exe
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe
    c:\program files (x86)\Winstep\WsxService.exe
    c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-08 20:00:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-09 01:00
    .
    Pre-Run: 7,513,047,040 bytes free
    Post-Run: 7,475,748,864 bytes free
    .
    - - End Of File - - 77114C2745542126049F9E9C473DA5B9
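As an added example (not part of this thread and not ComboFix's own tooling), here is a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one above. It pulls out the Run entries and the UAC policy values and flags what a reviewer would look at first: entries ComboFix tagged `[X]` (its marker for an autorun whose target file no longer exists), entries started from an unusual path, and UAC settings that differ from the Windows 7 defaults (the log above shows `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0`, which means administrators are elevated without any prompt). The sample lines are copied from the posted log and embedded so the script runs offline; the "unusual path" heuristic and the default-value table are assumptions of this example, and a flag is a prompt to verify the file, not a verdict that it is malicious.

```python
import re

# Constructed sample: a subset of the "Reg Loading Points" section from the
# ComboFix log posted above, embedded so this runs with no file on disk.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="value" [date size]   or   "Name"="value" [X]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*(?P<tag>\[.*\])?$')
# "Name"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)$')

UAC_KEY = r'hkey_local_machine\software\microsoft\windows\currentversion\policies\system'
# Assumed defaults for a Windows 7 machine with UAC at its default level.
UAC_EXPECTED = {
    'ConsentPromptBehaviorAdmin': 5,  # 0 = elevate silently, no prompt at all
    'PromptOnSecureDesktop': 1,       # 0 = prompt on the normal desktop, spoofable
    'ConsentPromptBehaviorUser': 3,
    'EnableUIADesktopToggle': 0,
}

# Heuristic (assumption): executables directly in %WINDIR%, or anywhere under a
# user profile / AppData / temp directory, deserve a second look.
SUSPECT_PATH_RE = re.compile(
    r'^c:\\windows\\[^\\]+\.exe$|\\appdata\\|\\temp\\|\\users\\', re.I)


def parse_loading_points(text):
    """Return (run_entries, policies) parsed from a ComboFix 'Reg Loading Points' dump.

    run_entries: list of dicts {key, name, value, missing_file}
    policies:    {lower-cased registry key: {value name: int}}
    """
    run_entries, policies, current_key = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # ComboFix separates blocks with "."
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        if current_key is None:
            continue
        if current_key.lower().endswith(r'\currentversion\run'):
            m = RUN_RE.match(line)
            if m:
                run_entries.append({
                    'key': current_key,
                    'name': m.group('name'),
                    'value': m.group('value'),
                    'missing_file': (m.group('tag') or '') == '[X]',
                })
            continue
        m = POLICY_RE.match(line)
        if m:
            policies.setdefault(current_key.lower(), {})[m.group('name')] = int(m.group('value'))
    return run_entries, policies


def uac_findings(policies):
    """List (setting, actual, expected) for UAC values that differ from the assumed defaults."""
    actual = policies.get(UAC_KEY, {})
    return [(k, actual[k], v) for k, v in UAC_EXPECTED.items()
            if k in actual and actual[k] != v]


def run_findings(run_entries):
    """Flag dead autoruns ([X]) and executables started from unusual locations."""
    findings = []
    for e in run_entries:
        if e['missing_file']:
            findings.append((e['name'], 'target file not found ([X]); dead autorun, safe to delete'))
        elif SUSPECT_PATH_RE.search(e['value']):
            findings.append((e['name'], 'started from a non-standard path; verify publisher and hash'))
    return findings


def report(text=SAMPLE_LOG):
    """Parse the log text and return both sets of findings."""
    runs, pols = parse_loading_points(text)
    return {'run': run_findings(runs), 'uac': uac_findings(pols)}


if __name__ == '__main__':
    result = report()
    for name, why in result['run']:
        print(f'RUN  {name}: {why}')
    for setting, actual, expected in result['uac']:
        print(f'UAC  {setting}={actual} (expected default {expected})')
```

Run against the sample it reports the two `[X]` entries, `tsnpstd3` (only because it lives directly in `c:\windows`), and the two UAC values that are weaker than the default; a tag of `[X]` after a Run value is ComboFix's own notation, but the path heuristic and default table are this example's assumptions and should be adjusted for the Windows version being reviewed.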
  2. Broni Malware Annihilator Posts: 40,051   +187

    Looks good :)

    Any current issues?

    ===========================

    Uninstall Advanced SystemCare 5.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ========================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  3. Yogin Newcomer, in training Posts: 56

    Definitely running better. Still cannot open messages etc. in Firefox or Opera; must use Chrome. Figure a reinstall might fix that.

    Here is OTL.txt ~

    OTL logfile created on: 10/8/2012 9:12:10 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\living room\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.01% Memory free
    4.91 Gb Paging File | 3.48 Gb Available in Paging File | 70.83% Paging File free
    Paging file location(s): c:\pagefile.sys 3019 3019 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 148.91 Gb Total Space | 7.00 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

    Computer Name: YOGI-PC | User Name: living room | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/08 20:41:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
    PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/06/06 13:23:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/04/23 19:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
    PRC - [2012/04/05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
    PRC - [2012/02/24 17:18:46 | 000,328,800 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2011/11/18 07:28:08 | 013,599,872 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
    PRC - [2011/03/30 02:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
    PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
    PRC - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
    PRC - [2009/10/16 11:46:12 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Tools\InCD\InCDSrv.exe
    PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
    MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
    MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/08 19:20:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/05 23:37:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/07 07:06:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/26 18:08:10 | 003,417,376 | ---- | M] () [Disabled | Stopped] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll -- (Akamai)
    SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
    SRV - [2011/02/11 03:47:34 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
    SRV - [2010/09/27 19:07:06 | 000,318,144 | ---- | M] (Utipu inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\uTIPu\TipCtrl.exe -- (TipCtrl)
    SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
    SRV - [2009/10/16 11:46:22 | 000,053,560 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
    SRV - [2009/10/16 11:46:12 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/05/23 18:49:08 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV:64bit: - [2011/11/30 11:06:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011/11/30 09:51:51 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/11/30 09:51:51 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
    DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1)
    DRV:64bit: - [2011/03/30 02:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
    DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/03/04 08:35:52 | 000,134,664 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioOxygen.sys -- (OXYGEN)
    DRV:64bit: - [2009/10/16 11:43:18 | 000,168,984 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\InCDFs.sys -- (InCDFs)
    DRV:64bit: - [2009/10/16 11:43:14 | 000,022,040 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\InCDRec.sys -- (InCDRec)
    DRV:64bit: - [2009/10/16 11:43:08 | 000,060,952 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InCDPass.sys -- (InCDPass)
    DRV:64bit: - [2009/09/17 17:52:22 | 000,765,448 | ---- | M] (Eugene Gavrilov) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kx.sys -- (kxwdmdrv)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/05 22:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
    DRV:64bit: - [2008/03/26 14:31:26 | 000,036,432 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfmirage.sys -- (dfmirage)
    DRV:64bit: - [1999/12/31 19:00:00 | 000,070,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
    DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
    DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
    DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2002/07/19 11:55:42 | 000,643,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CTSBLFX.DLL -- (CTSBLFX.DLL)
    DRV - [2002/07/19 11:54:10 | 000,110,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\COMMONFX.DLL -- (COMMONFX.DLL)
    DRV - [2002/07/19 11:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTPRXY2K.SYS -- (ctprxy2k)
    DRV - [2002/07/19 11:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTOSS2K.SYS -- (ossrv)
    DRV - [2002/07/19 11:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTAC32K.SYS -- (ctac32k)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 4E BC 6F F3 C1 CC 01 [binary data]
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes,DefaultScope = {8B7E7CAC-70DC-421D-AAFF-894C70E5B6B3}
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{74FF3E40-2F1D-4ECB-9AF6-D51D4B53086A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{8B7E7CAC-70DC-421D-AAFF-894C70E5B6B3}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
    FF - prefs.js..extensions.enabledAddons: https-facebook@niyaz.pk:0.4
    FF - prefs.js..extensions.enabledAddons: superstart@enjoyfreeware.org:3.6.3
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
    FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
    FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
    FF - prefs.js..extensions.enabledAddons: {37fa1426-b82d-11db-8314-0800200c9a66}:2.9.12
    FF - prefs.js..extensions.enabledAddons: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
    FF - prefs.js..extensions.enabledAddons: Noia4Options@ArisT2:1.7.4
    FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
    FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
    FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.19
    FF - prefs.js..extensions.enabledAddons: {faf13420-5e24-11e0-80e3-0800200c9a66}:1.7.4


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\USERS\LIVING ROOM\APPDATA\LOCAL\WATERFOX\COMPONENTS [2012/03/23 14:19:16 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\USERS\LIVING ROOM\APPDATA\LOCAL\WATERFOX\PLUGINS
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/09 21:10:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 18:31:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 07:06:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 09:32:04 | 000,000,000 | ---D | M]

    [2011/12/06 07:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Extensions
    [2011/12/06 07:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
    [2012/10/05 23:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions
    [2012/10/05 23:19:31 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
    [2012/09/21 00:55:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2012/09/16 13:40:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/06/29 20:09:22 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\superstart@enjoyfreeware.org
    [2012/06/23 14:59:27 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\adblockpopups@jessehakanen.net.xpi
    [2011/12/10 08:24:17 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\browserprotect@browserprotect.com.xpi
    [2011/12/28 14:11:03 | 000,012,748 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\desopa@congress.public.xpi
    [2012/09/26 02:21:23 | 000,011,697 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\facebookbutton@facebook.invalid.xpi
    [2012/06/20 22:45:26 | 000,319,802 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\firefox@facebook.com.xpi
    [2011/12/04 16:20:33 | 000,005,831 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\https-facebook@niyaz.pk.xpi
    [2012/01/11 01:06:10 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\info@skymeissner.com.xpi
    [2012/04/27 00:49:21 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
    [2012/09/19 17:47:43 | 000,149,849 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\Noia4Options@ArisT2.xpi
    [2011/12/04 16:20:33 | 000,015,394 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\scanner@ednovak.net.xpi
    [2012/07/09 17:25:31 | 000,263,891 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\sharemenot@franziroesner.com.xpi
    [2012/06/05 08:43:42 | 000,139,897 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\socialfixer@mattkruse.com.xpi
    [2012/09/11 23:38:19 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\testpilot@labs.mozilla.com.xpi
    [2012/10/02 18:29:03 | 000,085,907 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
    [2012/09/19 17:47:44 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2012/09/13 16:57:25 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
    [2012/09/08 15:37:32 | 000,195,879 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2011/11/30 04:53:20 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012/09/05 23:28:02 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
    [2012/09/26 02:21:25 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2012/05/28 22:33:07 | 000,035,719 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
    [2012/07/11 12:31:53 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
    [2012/07/25 12:37:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/01/21 00:33:29 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
    [2011/12/04 16:20:34 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012/07/22 07:10:08 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012/10/03 22:31:06 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012/09/19 17:47:44 | 001,544,034 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
    [2011/11/30 07:33:53 | 000,002,354 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\aol-web-search.xml
    [2012/01/20 18:47:17 | 000,002,281 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\s-amazon.xml
    [2011/12/08 13:00:52 | 000,004,912 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\search-here.xml
    [2012/09/06 18:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/12 09:53:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/03 09:32:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/06 18:52:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/09/07 07:06:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/06 13:23:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2012/08/28 18:12:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/08/28 18:12:31 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  4. Yogin Newcomer, in training Posts: 56

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live™ Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    O1 HOSTS File: ([2012/10/08 19:55:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\CTASIO.DLL (Creative Technology Ltd)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9486293-EF9D-4EDB-BB9E-72D5A7DA36FE}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/08 20:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
    [2012/10/08 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2012/10/08 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012/10/08 20:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Add Remove Cleaner
    [2012/10/08 20:00:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/08 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\temp
    [2012/10/08 19:55:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/08 19:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/08 19:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/08 19:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/08 19:37:58 | 004,764,063 | R--- | C] (Swearware) -- C:\Users\living room\Desktop\ComboFix.exe
    [2012/10/08 17:25:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/08 17:23:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/08 16:36:44 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\RK_Quarantine
    [2012/10/08 13:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2012/10/08 13:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2012/10/07 17:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/10/07 17:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2012/10/07 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2012/10/07 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\Victor
    [2012/10/03 20:38:04 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\{95B4EA89-D1FE-4323-9116-52EEDDDFD60E}
    [2012/09/28 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\phone pics 2
    [2012/09/28 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\Robs House
    [2012/09/20 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
    [2012/09/19 22:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/09/19 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/09/19 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012/09/19 22:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
    [2012/09/19 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
    [2012/09/17 21:11:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
    [2012/09/16 13:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/09/15 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\{B774529A-B455-47C1-9617-70D5C7453A74}
    [2012/09/08 21:27:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3689B77C-90FA-4663-91AB-5AB34383CD81}
    [2012/09/08 21:24:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
    [2012/09/08 21:23:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
    [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/08 20:56:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/08 20:41:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
    [2012/10/08 20:36:00 | 000,001,224 | ---- | M] () -- C:\Users\living room\Desktop\Revo Uninstaller.lnk
    [2012/10/08 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/08 20:08:08 | 000,016,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/08 20:08:08 | 000,016,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/08 20:03:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/08 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/08 20:02:42 | 1583,566,848 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/08 19:55:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/08 19:54:37 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_living room.job
    [2012/10/08 19:38:13 | 004,764,063 | R--- | M] (Swearware) -- C:\Users\living room\Desktop\ComboFix.exe
    [2012/10/08 18:17:43 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/08 18:17:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/10/08 17:12:37 | 000,005,909 | ---- | M] () -- C:\Users\living room\Desktop\Techspot help 2.rtf
    [2012/10/08 16:52:19 | 000,000,512 | ---- | M] () -- C:\Users\living room\Desktop\MBR.dat
    [2012/10/08 16:28:18 | 000,002,282 | ---- | M] () -- C:\Users\living room\Desktop\tech spot help.rtf
    [2012/10/08 15:42:18 | 000,329,660 | ---- | M] () -- C:\Users\living room\Desktop\FireShot Screen Capture #034 - 'UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums' - www_techspot_com_community_topics_updated-5-step-viruses-spyware-malware-preliminary-r.pdf
    [2012/10/08 13:08:55 | 000,001,121 | ---- | M] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/09/26 19:20:58 | 001,312,538 | ---- | M] () -- C:\Users\living room\9-26-2012 Project save.RPP
    [2012/09/25 18:10:57 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/25 18:10:57 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/25 18:10:57 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/19 22:17:13 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
    [2012/09/19 13:45:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/19 12:42:42 | 000,355,765 | ---- | M] () -- C:\Users\living room\Desktop\RMA_Form for powerpayless.com
    [2012/09/15 09:24:08 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
    [2012/09/13 20:40:01 | 000,001,013 | ---- | M] () -- C:\Users\living room\Desktop\Eusing Free Registry Cleaner.lnk
    [2012/09/12 20:21:33 | 000,001,127 | ---- | M] () -- C:\Users\living room\Desktop\Advanced SystemCare 5.lnk
    [2012/09/12 20:21:22 | 000,001,182 | ---- | M] () -- C:\Users\living room\Desktop\Turbo Boost.lnk
    [2012/09/08 21:30:44 | 000,001,655 | ---- | M] () -- C:\Users\living room\Desktop\Traktor Pro - Shortcut.lnk
    [12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/08 20:36:00 | 000,001,224 | ---- | C] () -- C:\Users\living room\Desktop\Revo Uninstaller.lnk
    [2012/10/08 19:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/08 19:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/08 19:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/08 19:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/08 19:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/08 18:38:02 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_living room.job
    [2012/10/08 18:17:43 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/10/08 17:12:37 | 000,005,909 | ---- | C] () -- C:\Users\living room\Desktop\Techspot help 2.rtf
    [2012/10/08 16:52:19 | 000,000,512 | ---- | C] () -- C:\Users\living room\Desktop\MBR.dat
    [2012/10/08 16:28:18 | 000,002,282 | ---- | C] () -- C:\Users\living room\Desktop\tech spot help.rtf
    [2012/10/08 15:42:18 | 000,329,660 | ---- | C] () -- C:\Users\living room\Desktop\FireShot Screen Capture #034 - 'UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums' - www_techspot_com_community_topics_updated-5-step-viruses-spyware-malware-preliminary-r.pdf
    [2012/10/08 13:08:55 | 000,001,121 | ---- | C] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/09/26 19:20:58 | 001,312,538 | ---- | C] () -- C:\Users\living room\9-26-2012 Project save.RPP
    [2012/09/19 22:17:13 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
    [2012/09/19 13:45:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/19 12:45:48 | 000,355,765 | ---- | C] () -- C:\Users\living room\Desktop\RMA_Form for powerpayless.com
    [2012/09/15 09:24:08 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
    [2012/09/13 20:38:44 | 000,001,013 | ---- | C] () -- C:\Users\living room\Desktop\Eusing Free Registry Cleaner.lnk
    [2012/09/12 20:21:33 | 000,001,127 | ---- | C] () -- C:\Users\living room\Desktop\Advanced SystemCare 5.lnk
    [2012/09/12 20:21:22 | 000,001,182 | ---- | C] () -- C:\Users\living room\Desktop\Turbo Boost.lnk
    [2012/09/08 21:30:44 | 000,001,655 | ---- | C] () -- C:\Users\living room\Desktop\Traktor Pro - Shortcut.lnk
    [2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/03/13 13:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
    [2012/03/10 08:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
    [2012/03/10 08:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
    [2012/03/10 08:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
    [2012/03/10 08:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
    [2012/03/10 08:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
    [2012/03/10 08:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
    [2012/02/26 11:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2012/02/26 11:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
    [2012/02/26 11:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
    [2012/02/26 11:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
    [2012/02/26 11:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
    [2012/02/26 11:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
    [2012/02/26 11:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
    [2012/02/26 11:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
    [2012/02/26 11:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
    [2012/02/26 11:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
    [2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/01/11 13:52:19 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/11 11:14:42 | 000,000,179 | ---- | C] () -- C:\Windows\EQ3D.ini
    [2011/12/17 09:52:10 | 000,000,412 | ---- | C] () -- C:\Users\living room\AppData\Roaming\All CPU Meter_Settings.ini
    [2011/12/11 10:34:04 | 000,000,339 | ---- | C] () -- C:\Users\living room\AppData\Roaming\Drives Meter_Settings.ini
    [2011/12/10 22:59:18 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/12/10 22:59:18 | 000,017,877 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
    [2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
    [2011/12/06 17:06:16 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
    [2011/12/06 11:57:34 | 000,007,602 | ---- | C] () -- C:\Users\living room\AppData\Local\Resmon.ResmonCfg
    [2011/12/04 00:09:24 | 000,005,120 | ---- | C] () -- C:\Users\living room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/02 02:06:59 | 000,000,231 | ---- | C] () -- C:\Windows\AC3API.INI
    [2011/12/02 02:06:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\SFMAN.DAT
    [2011/12/02 02:06:37 | 000,037,727 | ---- | C] () -- C:\Windows\SysWow64\Emu10kx.ini
    [2011/12/02 02:06:37 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2011/12/02 02:06:33 | 000,179,669 | ---- | C] () -- C:\Windows\SysWow64\CTSTATIC.DAT
    [2011/12/02 02:06:33 | 000,164,044 | ---- | C] () -- C:\Windows\SysWow64\CTDLANG.DAT
    [2011/12/02 02:06:33 | 000,113,373 | ---- | C] () -- C:\Windows\SysWow64\CTBASICW.DAT
    [2011/12/02 02:06:33 | 000,113,273 | ---- | C] () -- C:\Windows\SysWow64\CTBAS2W.DAT
    [2011/12/02 02:06:33 | 000,044,055 | ---- | C] () -- C:\Windows\SysWow64\CTDAUGHT.DAT
    [2011/12/02 02:06:31 | 000,184,320 | ---- | C] () -- C:\Windows\PSCONV.EXE
    [2011/12/02 02:06:31 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\KILLAPPS.EXE
    [2011/12/02 02:06:31 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\REGPLIB.EXE
    [2011/12/02 02:06:31 | 000,000,180 | ---- | C] () -- C:\Windows\SysWow64\KILL.INI
    [2011/12/02 02:06:30 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
    [2011/11/30 10:48:47 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011/11/30 10:48:47 | 000,000,058 | ---- | C] () -- C:\Users\living room\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011/11/30 10:22:44 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
    [2011/11/30 10:22:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
    [2011/11/30 10:22:43 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
    [2011/11/30 10:22:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
    [2011/11/30 10:22:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
    [2011/11/30 07:53:58 | 000,064,764 | ---- | C] () -- C:\Users\living room\AppData\Roaming\UserTile.png
    [2011/11/30 07:50:47 | 000,109,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/11/30 06:38:27 | 000,030,155 | ---- | C] () -- C:\Windows\Q-Dir.ini
    [2011/11/30 05:51:00 | 000,000,128 | ---- | C] () -- C:\Windows\SBWIN.INI
    [2011/11/30 03:52:09 | 000,030,756 | ---- | C] () -- C:\Windows\SysWow64\e10kxwdm.ini
    [2011/11/24 21:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
    [2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
    [2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
    [2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
    [2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
    [2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
    [2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
    [2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
    [2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
    [2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
    [2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
    [2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
    [2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
    [2011/02/11 03:47:34 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/01/05 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Ableton
    [2011/12/25 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\All Free Disc Burner
    [2012/03/23 15:15:34 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\AnvSoft
    [2012/10/08 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Azureus
    [2012/03/23 11:56:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Bidgood Svcs
    [2012/01/18 23:51:13 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Canneverbe Limited
    [2011/11/30 07:50:42 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\com.facebookdesktop.app
    [2011/12/13 15:02:50 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Copernic
    [2011/12/06 08:11:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Creevity Mp3 Cover Downloader
    [2011/11/30 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DonationCoder
    [2012/03/05 23:56:09 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DraftSight
    [2012/06/03 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DVDVideoSoft
    [2011/12/28 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\FireShot
    [2012/01/05 10:53:18 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Foxit Software
    [2011/12/13 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GetRightToGo
    [2011/12/02 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GlarySoft
    [2011/12/13 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Highresolution Enterprises
    [2011/12/29 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ImgBurn
    [2011/12/12 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\InfraRecorder
    [2012/08/08 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\IObit
    [2011/12/11 14:24:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\IrfanView
    [2012/01/02 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\iZotope
    [2011/11/30 16:51:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Korg
    [2012/05/21 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\OpenOffice.org
    [2011/12/12 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Opera
    [2011/12/31 13:18:53 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Proteus VX
    [2011/11/30 06:38:43 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Q-Dir
    [2012/01/13 17:43:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\REAPER
    [2012/01/21 00:03:09 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\SMRecorder
    [2011/12/06 07:59:31 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Songbird2
    [2011/12/06 16:44:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Stardock
    [2012/01/02 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Teragon Audio
    [2011/12/06 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ThemeManager
    [2011/12/02 21:35:30 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\WinBatch
    [2011/12/06 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Windows 7 Taskbar Color Changer
    [2012/08/15 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Windows Live Writer
    [2012/05/27 09:25:12 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\WinPatrol

    ========== Purity Check ==========



    < End of report >
  5. Yogin Newcomer, in training Posts: 56

    And the extras.txt ~ not finding it...
  6. Yogin Newcomer, in training Posts: 56

    Messages in Facebook as to Firefox & Opera...
     
  7. Broni Malware Annihilator Posts: 40,051   +187

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      O3:64bit: - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
      O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
      O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
      O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    =============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  8. Yogin Newcomer, in training Posts: 56

    Was stuck on shutting down for like an hour, then held power button, got this when started...
    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SmartRAM deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Temp folder emptied: 2631880 bytes
    ->Temporary Internet Files folder emptied: 56535824 bytes
    ->Java cache emptied: 450274 bytes
    ->FireFox cache emptied: 75717954 bytes
    ->Google Chrome cache emptied: 199002536 bytes
    ->Opera cache emptied: 11433 bytes
    ->Flash cache emptied: 15220687 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 22283776 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 448512 bytes

    Total Files Cleaned = 355.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: living room
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10082012_221545

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  9. Yogin Newcomer, in training Posts: 56

    Run in safe mode?
  10. Yogin Newcomer, in training Posts: 56

    And have lost firefox scroll button...
  11. Yogin Newcomer, in training Posts: 56

    Figured shutting down was "closing processes", even though force close etc. pops up before that... so ran in safe mode, log ~
    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SmartRAM not found.
    Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
    File C:\Windows\assembly\Desktop.ini not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Temp folder emptied: 229376 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 18879452 bytes
    ->Google Chrome cache emptied: 16349488 bytes
    ->Opera cache emptied: 240 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 34.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: living room
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10082012_235900

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  12. Yogin Newcomer, in training Posts: 56

    Scroll buttons back...
  13. Yogin Newcomer, in training Posts: 56

    Security check ~
    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.61.0.1400
    Eusing Free Registry Cleaner
    Java(TM) 6 Update 35
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    ````````Process Check: objlist.exe by Laurent````````
    WinPatrol winpatrol.exe
    IObit IObit Malware Fighter IMFsrv.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    BillP Studios WinPatrol WinPatrol.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
  14. Yogin Newcomer, in training Posts: 56

    FSS log ~

    Farbar Service Scanner Version: 07-10-2012
    Ran by living room (administrator) on 09-10-2012 at 00:16:42
    Running from "C:\Users\living room\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
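    The "File Check" section above reports, for each core networking and security service binary, whether its MD5 matches a known-good value. The script below is an added example written for this thread, not FSS's own code: it builds a hash baseline from constructed sample files in a temporary directory, tampers with one of them, leaves one out, and then reports in the same "=> MD5 is legit" style. The file names are borrowed from the log only as labels; the contents, the baseline and the placeholder hash for the missing file are constructed. MD5 is used to mirror the tool's output, but `algorithm` accepts any `hashlib` name (for a new baseline, prefer `sha256`), and a baseline is only as trustworthy as the source it was captured from.

```python
"""Baseline hash check in the spirit of FSS's "File Check" section.

Added example, not FSS code. All files and hashes below are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def file_hash(path, algorithm="md5"):
    """Hash a file in chunks; md5 by default to mirror the FSS log lines."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_files(baseline, root, algorithm="md5"):
    """Compare each baseline entry against the file on disk.

    baseline: {relative_path: expected_hex_digest}
    Returns {relative_path: 'legit' | 'MODIFIED' | 'MISSING'}.
    """
    results = {}
    for rel, expected in baseline.items():
        p = Path(root) / rel
        if not p.is_file():
            results[rel] = "MISSING"          # file gone or never present
            continue
        actual = file_hash(p, algorithm)
        results[rel] = "legit" if actual == expected else "MODIFIED"
    return results


def format_report(results, algorithm="md5"):
    """Render verdict lines in the same shape FSS prints them."""
    label = algorithm.upper()
    lines = []
    for rel, verdict in results.items():
        if verdict == "legit":
            lines.append(f"{rel} => {label} is legit")
        else:
            lines.append(f"{rel} => ATTENTION! {verdict}")
    return lines


def demo():
    """Constructed scenario: three good files, one tampered later, one missing."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        contents = {
            "System32/nsisvc.dll": b"constructed good content A",
            "System32/drivers/afd.sys": b"constructed good content B",
            "System32/rpcss.dll": b"constructed good content C",
        }
        for rel, data in contents.items():
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)

        # Baseline captured while the files are known to be good.
        baseline = {rel: file_hash(root / rel) for rel in contents}
        # Placeholder digest for a file that is never written: will be MISSING.
        baseline["System32/wuaueng.dll"] = "0" * 32

        # Simulate a modification after the baseline was taken.
        (root / "System32/rpcss.dll").write_bytes(contents["System32/rpcss.dll"] + b"\x90")

        return check_files(baseline, root)


if __name__ == "__main__":
    for line in format_report(demo()):
        print(line)
```

Running it prints two "is legit" lines, one ATTENTION! MODIFIED line for rpcss.dll and one ATTENTION! MISSING line for wuaueng.dll, which is the kind of deviation a tool like FSS surfaces so the helper can decide whether a service binary needs replacing.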
  15. Yogin Newcomer, in training Posts: 56

    Adwcleaner log ~

    # AdwCleaner v2.004 - Logfile created 10/09/2012 at 00:20:13
    # Updated 06/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : living room - YOGI-PC
    # Boot Mode : Normal
    # Running from : C:\Users\living room\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\searchplugins\aol-web-search.xml
    File Deleted : C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\searchplugins\search-here.xml
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\living room\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\living room\AppData\LocalLow\boost_interprocess

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ilivid
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\SOFTWARE\FCTB000100709
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\prefs.js

    C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\user.js ... Deleted !

    Deleted : user_pref("aol_toolbar.surf.date", "666");
    Deleted : user_pref("aol_toolbar.surf.lastDate", "30");
    Deleted : user_pref("aol_toolbar.surf.lastMonth", "10");
    Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
    Deleted : user_pref("aol_toolbar.surf.month", "666");
    Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
    Deleted : user_pref("aol_toolbar.surf.total", "666");
    Deleted : user_pref("aol_toolbar.surf.week", "666");
    Deleted : user_pref("aol_toolbar.surf.year", "666");
    Deleted : user_pref("extensions.wmn.accounts.yahoo.samskaras.inboxOnly", true);
    Deleted : user_pref("socialfixer.736533308/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"[...]

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\living room\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.2.1578.0

    File : C:\Users\living room\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [3419 octets] - [09/10/2012 00:20:13]

    ########## EOF - C:\AdwCleaner[S1].txt - [3479 octets] ##########
  16. Yogin Newcomer, in training Posts: 56

    TFC froze on shutdown...
  17. Yogin Newcomer, in training Posts: 56

    ESET Scan Results ~

    C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined
    C:\Users\living room\Desktop\Docs 8-1-2012\GingerBreak-v1.20.apk Android/Exploit.Lotoor.AH trojan deleted - quarantined
    C:\Users\living room\Downloads\SOC.rar multiple threats deleted - quarantined
    C:\Users\living room\Downloads\SuperOneClickv2.3.3-ShortFuse.zip multiple threats deleted - quarantined
    C:\Users\living room\Downloads\video-karaoke-maker-cnt.exe multiple threats cleaned by deleting - quarantined
  18. Broni Malware Annihilator Posts: 40,051   +187

    Uninstall Eusing Free Registry Cleaner.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===========================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
  19. Yogin Newcomer, in training Posts: 56

    OTL fix hung on shutdown...
    log ~
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Temp folder emptied: 200968 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 1878 bytes
    ->FireFox cache emptied: 56748640 bytes
    ->Google Chrome cache emptied: 18756636 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1751 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 164183 bytes

    Total Files Cleaned = 72.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: living room
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: living room
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 10092012_110223

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  20. Yogin Newcomer, in training Posts: 56

    Moving on to OTL cleanup.