Solved Computer slow & non-responsive, fast64.dll?

16:34:07.0709 4728 Wanarpv6 - ok
16:34:07.0787 4728 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:34:07.0818 4728 WatAdminSvc - ok
16:34:07.0896 4728 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:34:07.0928 4728 wbengine - ok
16:34:07.0959 4728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:34:07.0959 4728 WbioSrvc - ok
16:34:08.0021 4728 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:34:08.0037 4728 wcncsvc - ok
16:34:08.0037 4728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:34:08.0052 4728 WcsPlugInService - ok
16:34:08.0068 4728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:34:08.0068 4728 Wd - ok
16:34:08.0099 4728 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:34:08.0130 4728 Wdf01000 - ok
16:34:08.0130 4728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:34:08.0146 4728 WdiServiceHost - ok
16:34:08.0146 4728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:34:08.0146 4728 WdiSystemHost - ok
16:34:08.0162 4728 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:34:08.0177 4728 WebClient - ok
16:34:08.0208 4728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:34:08.0224 4728 Wecsvc - ok
16:34:08.0240 4728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:34:08.0240 4728 wercplsupport - ok
16:34:08.0255 4728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:34:08.0286 4728 WerSvc - ok
16:34:08.0349 4728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:34:08.0427 4728 WfpLwf - ok
16:34:08.0427 4728 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:34:08.0427 4728 WIMMount - ok
16:34:08.0442 4728 WinDefend - ok
16:34:08.0536 4728 [ 8258726D076C8FFF994F468712DDFBAB ] WindowBlinds C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
16:34:08.0552 4728 WindowBlinds - ok
16:34:08.0552 4728 WinHttpAutoProxySvc - ok
16:34:08.0598 4728 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:34:08.0598 4728 Winmgmt - ok
16:34:08.0692 4728 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
16:34:08.0692 4728 WinRing0_1_2_0 - ok
16:34:08.0770 4728 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:34:08.0832 4728 WinRM - ok
16:34:08.0910 4728 Winstep Xtreme Service - ok
16:34:08.0957 4728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:34:08.0973 4728 Wlansvc - ok
16:34:09.0129 4728 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:34:09.0176 4728 wlidsvc - ok
16:34:09.0222 4728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:34:09.0238 4728 WmiAcpi - ok
16:34:09.0269 4728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:34:09.0269 4728 wmiApSrv - ok
16:34:09.0300 4728 WMPNetworkSvc - ok
16:34:09.0316 4728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:34:09.0332 4728 WPCSvc - ok
16:34:09.0378 4728 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:34:09.0394 4728 WPDBusEnum - ok
16:34:09.0410 4728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:34:09.0410 4728 ws2ifsl - ok
16:34:09.0425 4728 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:34:09.0441 4728 wscsvc - ok
16:34:09.0441 4728 WSearch - ok
16:34:09.0550 4728 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
16:34:09.0597 4728 wuauserv - ok
16:34:09.0644 4728 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:34:09.0644 4728 WudfPf - ok
16:34:09.0659 4728 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:34:09.0659 4728 WUDFRd - ok
16:34:09.0675 4728 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:34:09.0675 4728 wudfsvc - ok
16:34:09.0706 4728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:34:09.0722 4728 WwanSvc - ok
 
16:34:09.0831 4728 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:34:09.0831 4728 YahooAUService - ok
16:34:09.0831 4728 ================ Scan global ===============================
16:34:09.0878 4728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:34:09.0924 4728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:34:09.0940 4728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
16:34:09.0971 4728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:34:09.0987 4728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:34:09.0987 4728 [Global] - ok
16:34:09.0987 4728 ================ Scan MBR ==================================
16:34:10.0002 4728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:34:10.0330 4728 \Device\Harddisk0\DR0 - ok
16:34:10.0330 4728 ================ Scan VBR ==================================
16:34:10.0330 4728 [ A6F0C505584855FFEE8AFBF5CFE700D3 ] \Device\Harddisk0\DR0\Partition1
16:34:10.0330 4728 \Device\Harddisk0\DR0\Partition1 - ok
16:34:10.0361 4728 [ C3CBCEC1B0B2349404438FC6DCD5C4A6 ] \Device\Harddisk0\DR0\Partition2
16:34:10.0361 4728 \Device\Harddisk0\DR0\Partition2 - ok
16:34:10.0361 4728 ============================================================
16:34:10.0361 4728 Scan finished
16:34:10.0361 4728 ============================================================
16:34:10.0361 2972 Detected object count: 1
16:34:10.0361 2972 Actual detected object count: 1
16:34:17.0007 2972 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:34:17.0007 2972 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:36:33.0070 1400 Deinitialize success
 
Rkreport 1 ~

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : living room [Admin rights]
Mode : Scan -- Date : 10/08/2012 16:37:33

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] {87ABFD4B-12EA-4802-9B4F-F70FF23CCD93} : C:\Windows\system32\pcalua.exe -a "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer\Windows Theme Installer v 1.1.exe" -d "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer" -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] af8cfb67003cd45d7c2a3d377ecebefc
[BSP] a222edccd51f98efadd9b1bc81cac7e7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RKreport 2 ~

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : living room [Admin rights]
Mode : Remove -- Date : 10/08/2012 16:38:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] {87ABFD4B-12EA-4802-9B4F-F70FF23CCD93} : C:\Windows\system32\pcalua.exe -a "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer\Windows Theme Installer v 1.1.exe" -d "C:\Users\living room\Desktop\Windows_Theme_Installer\Windows Theme Installer" -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] af8cfb67003cd45d7c2a3d377ecebefc
[BSP] a222edccd51f98efadd9b1bc81cac7e7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152485 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR Report ~

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-08 16:39:50
-----------------------------
16:39:50.348 OS Version: Windows x64 6.1.7601 Service Pack 1
16:39:50.348 Number of processors: 2 586 0xF0B
16:39:50.348 ComputerName: YOGI-PC UserName:
16:39:50.754 Initialize success
16:39:52.049 AVAST engine defs: 12100800
16:40:00.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
16:40:00.644 Disk 0 Vendor: ST3160815AS 4.ADA Size: 152587MB BusType: 3
16:40:00.722 Disk 0 MBR read successfully
16:40:00.722 Disk 0 MBR scan
16:40:00.722 Disk 0 Windows 7 default MBR code
16:40:00.738 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:40:00.753 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152485 MB offset 206848
16:40:00.769 Disk 0 scanning C:\Windows\system32\drivers
16:40:25.823 Service scanning
16:40:43.529 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:40:49.597 Modules scanning
16:40:49.597 Disk 0 trace - called modules:
16:40:49.613 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80018342c0]<<spbn.sys ataport.SYS intelide.sys
16:40:49.613 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800278d060]
16:40:49.628 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0xfffffa8002682060]
16:40:49.628 \Driver\atapi[0xfffffa8002639060] -> IRP_MJ_CREATE -> 0xfffffa80018342c0
16:40:49.909 AVAST engine scan C:\Windows
16:40:58.598 AVAST engine scan C:\Windows\system32
16:43:22.290 AVAST engine scan C:\Windows\system32\drivers
16:43:32.851 AVAST engine scan C:\Users\living room
16:52:19.274 Disk 0 MBR has been saved successfully to "C:\Users\living room\Desktop\MBR.dat"
16:52:19.274 The log file has been saved successfully to "C:\Users\living room\Desktop\aswMBR.txt"
 
Create a new restore point before proceeding with the next step.
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    If restarting doesn't help, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in Safe Mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Well, Firefox will come here now.

I ran ComboFix; it seemed fine until the restart.

First, after logon the PC said "Failure Configuring Windows Updates... Reverting Changes. Do Not Turn Off Computer."

It restarted again, and ComboFix made a log, which I will post in a second. But trying to open any browser or the Word doc I made of your instructions said invalid as scheduled for delete. So I did a system restore, and that is where I am at...

Here is the combofix log ~

ComboFix 12-10-08.03 - living room 10/08/2012 17:27:53.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2014.827 [GMT -5:00]
Running from: c:\users\living room\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\living room\AppData\Local\TempDIR
c:\users\living room\AppData\Roaming\Error.log
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\SysWow64\SET75E7.tmp
c:\windows\SysWow64\SET7BD6.tmp
c:\windows\SysWow64\SET7BF8.tmp
c:\windows\SysWow64\SET7DA4.tmp
c:\windows\SysWow64\SET9D4C.tmp
c:\windows\SysWow64\SETA27C.tmp
c:\windows\SysWow64\SETD5A9.tmp
c:\windows\SysWow64\SETE4C0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
.
.
2012-10-08 19:38 . 2012-10-08 19:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-08 18:09 . 2012-10-08 18:09 -------- d-----w- c:\programdata\Yahoo! Companion
2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\programdata\ATI
2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-09-23 10:59 . 2012-10-06 10:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41F39C86-94F5-4D99-A7E9-DB5A5D595107}\offreg.dll
2012-09-22 07:14 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41F39C86-94F5-4D99-A7E9-DB5A5D595107}\mpengine.dll
2012-09-20 18:37 . 2012-10-06 04:31 -------- d-----w- c:\program files (x86)\Analog Devices
2012-09-20 18:37 . 2007-11-12 19:27 49152 ----a-w- c:\windows\SysWow64\DSndUp.exe
2012-09-20 03:49 . 2012-10-06 04:38 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-20 03:49 . 2012-10-08 19:05 -------- d-----w- c:\program files (x86)\Steam
2012-09-20 03:00 . 2012-09-20 03:00 -------- d-----w- c:\program files (x86)\2K Games
2012-09-18 02:11 . 2012-09-19 18:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-09-16 18:33 . 2012-09-16 18:33 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-16 18:33 . 2012-09-16 18:33 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-16 18:33 . 2012-09-16 18:33 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-16 18:33 . 2012-09-16 18:33 188904 ----a-w- c:\windows\system32\java.exe
2012-09-16 18:33 . 2012-09-16 18:33 -------- d-----w- c:\program files\Java
2012-09-16 18:30 . 2012-09-16 18:33 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-16 18:30 . 2012-09-16 18:33 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 02:27 . 2012-09-09 02:27 -------- dc-h--w- c:\programdata\{3689B77C-90FA-4663-91AB-5AB34383CD81}
2012-09-09 02:24 . 2012-09-09 02:24 -------- dc-h--w- c:\programdata\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
2012-09-09 02:23 . 2012-09-09 02:23 -------- dc-h--w- c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 22:20 . 2012-07-18 18:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 22:20 . 2012-07-18 18:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-07 22:04 . 2011-12-12 18:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-29 01:24 . 2012-07-03 14:32 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2011-11-30 13:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-13 17:26 . 2012-07-13 17:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-13 17:26 . 2012-07-13 17:26 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-13 17:26 . 2012-07-13 17:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-13 17:25 . 2012-07-13 17:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-13 17:25 . 2012-07-13 17:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-13 17:25 . 2012-07-13 17:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 16:46 97072 ----a-w- c:\program files (x86)\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-11-18 13599872]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2012-07-31 428928]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-09-20 1353080]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-04-06 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"AsioReg"="CTASIO.DLL" [2002-07-19 106496]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=KORGUM64.DRV
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 36432]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:20]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 16:46 110384 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi2"=KORGUM64.DRV
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Open Client to monitor &1 - c:\windows\web\AOpenClient.htm
IE: Open Client to monitor &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-Akamai - c:\users\living room\AppData\Local\Akamai\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3f,f8,86,8c,a7,06,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\04\17+\1aß"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Nero\Tools\InCD\InCDSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe
c:\program files (x86)\Winstep\WsxService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-10-08 18:00:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-08 23:00
.
Pre-Run: 4,584,480,768 bytes free
Post-Run: 4,407,377,920 bytes free
.
- - End Of File - - B611F280889A7CC7394FC3AC4041B496
 
So I did system restore
Why didn't you read the rules I posted at the very beginning?
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.

said invalid as scheduled for delete
Why didn't you read Combofix instructions carefully?
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

I also said:
Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

Do the rkill?
Again Combofix instructions ask for rKill IF...

If, for some reason, Combofix refuses to run

Removing an infection is not child's play, and I also don't like my free time being wasted!

If you're careless again this topic will be closed in no time.

Which system restore point did you use?
 
As it restarted & said it was not able to update, I figured something went wrong. So run Combofix again, as that is where the PC is...?
 
Don't worry about updates or any other errors at this point.

Re-run Combofix and post new log.
 
ComboFix 12-10-08.03 - living room 10/08/2012 19:41:17.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2014.984 [GMT -5:00]
Running from: c:\users\living room\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\ccrpTmr6.dll
c:\windows\SysWow64\SET75E7.tmp
c:\windows\SysWow64\SET7BD6.tmp
c:\windows\SysWow64\SET7BF8.tmp
c:\windows\SysWow64\SET7DA4.tmp
c:\windows\SysWow64\SET9D4C.tmp
c:\windows\SysWow64\SETA27C.tmp
c:\windows\SysWow64\SETD5A9.tmp
c:\windows\SysWow64\SETE4C0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-09 00:52 . 2012-10-09 00:55 -------- d-----w- c:\users\living room\AppData\Local\temp
2012-10-09 00:52 . 2012-10-09 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 00:35 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCB2017E-6162-4488-955D-9D5176979D2B}\mpengine.dll
2012-10-08 18:09 . 2012-10-08 18:09 -------- d-----w- c:\programdata\Yahoo! Companion
2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\programdata\ATI
2012-10-07 22:45 . 2012-10-07 22:45 -------- d-----w- c:\program files (x86)\AMD AVT
2012-09-20 18:37 . 2012-10-06 04:31 -------- d-----w- c:\program files (x86)\Analog Devices
2012-09-20 18:37 . 2007-11-12 19:27 49152 ----a-w- c:\windows\SysWow64\DSndUp.exe
2012-09-20 03:49 . 2012-10-08 23:36 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-20 03:49 . 2012-10-08 23:36 -------- d-----w- c:\program files (x86)\Steam
2012-09-20 03:00 . 2012-09-20 03:00 -------- d-----w- c:\program files (x86)\2K Games
2012-09-18 02:11 . 2012-09-19 18:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-09-16 18:33 . 2012-09-16 18:33 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-16 18:33 . 2012-09-16 18:33 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-16 18:33 . 2012-09-16 18:33 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-16 18:33 . 2012-09-16 18:33 188904 ----a-w- c:\windows\system32\java.exe
2012-09-16 18:33 . 2012-09-16 18:33 -------- d-----w- c:\program files\Java
2012-09-16 18:30 . 2012-09-16 18:33 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-16 18:30 . 2012-09-16 18:33 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-09 02:27 . 2012-09-09 02:27 -------- dc-h--w- c:\programdata\{3689B77C-90FA-4663-91AB-5AB34383CD81}
2012-09-09 02:24 . 2012-09-09 02:24 -------- dc-h--w- c:\programdata\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
2012-09-09 02:23 . 2012-09-09 02:23 -------- dc-h--w- c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 00:20 . 2012-07-18 18:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:20 . 2012-07-18 18:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-29 01:24 . 2012-07-03 14:32 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2011-11-30 13:13 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-13 17:26 . 2012-07-13 17:26 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-07-13 17:26 . 2012-07-13 17:26 3216384 ----a-w- c:\windows\system32\msi.dll
2012-07-13 17:26 . 2012-07-13 17:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-07-13 17:25 . 2012-07-13 17:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-13 17:25 . 2012-07-13 17:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-07-13 17:25 . 2012-07-13 17:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 16:46 97072 ----a-w- c:\program files (x86)\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 5.1 Free"="0" [X]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Nexus"="c:\program files (x86)\Winstep\Nexus.exe" [2011-11-18 13599872]
"SmartRAM"="c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" [2012-07-31 428928]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"AsioReg"="CTASIO.DLL" [2002-07-19 106496]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-06 296056]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-02-24 328800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=KORGUM64.DRV
"midi5"=KORGUM64.DRV
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2008-03-26 36432]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 00:20]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-30 07:06]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_living room.job
- c:\users\living room\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 23:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2009-10-16 16:46 110384 ----a-w- c:\program files\Nero\Tools\InCD\NBHshx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi2"=KORGUM64.DRV
"midi5"=KORGUM64.DRV
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
FF - ProfilePath - c:\users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\g7tbw4ca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-dBpowerAMP Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:3f,f8,86,8c,a7,06,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,c6,6f,a3,14,56,8a,4c,81,65,df,\
.
[HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\04\17+\1aß"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Nero\Tools\InCD\InCDSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe
c:\program files (x86)\Winstep\WsxService.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-10-08 20:00:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-09 01:00
.
Pre-Run: 7,513,047,040 bytes free
Post-Run: 7,475,748,864 bytes free
.
- - End Of File - - 77114C2745542126049F9E9C473DA5B9
 
Looks good :)

Any current issues?

===========================

Uninstall Advanced SystemCare 5.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


========================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Definitely running better. Still cannot open messages etc. in Firefox or Opera; must use Chrome. I figure a reinstall might fix that.

Here is OTL.txt ~

OTL logfile created on: 10/8/2012 9:12:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\living room\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.01% Memory free
4.91 Gb Paging File | 3.48 Gb Available in Paging File | 70.83% Paging File free
Paging file location(s): c:\pagefile.sys 3019 3019 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.91 Gb Total Space | 7.00 Gb Free Space | 4.70% Space Free | Partition Type: NTFS

Computer Name: YOGI-PC | User Name: living room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/08 20:41:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/06/06 13:23:27 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/23 19:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
PRC - [2012/04/05 21:30:58 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2012/02/24 17:18:46 | 000,328,800 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/11/18 07:28:08 | 013,599,872 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus.exe
PRC - [2011/03/30 02:05:00 | 000,393,616 | ---- | M] (KORG Inc.) -- C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
PRC - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\WsxService.exe
PRC - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2009/10/16 11:46:12 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Tools\InCD\InCDSrv.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/08 19:20:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/05 23:37:28 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/07 07:06:59 | 000,114,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/26 18:08:10 | 003,417,376 | ---- | M] () [Disabled | Stopped] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/02/11 19:26:22 | 000,377,344 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- C:\Program Files (x86)\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2011/02/11 03:47:34 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2010/09/27 19:07:06 | 000,318,144 | ---- | M] (Utipu inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\uTIPu\TipCtrl.exe -- (TipCtrl)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 08:35:54 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2009/10/16 11:46:22 | 000,053,560 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 11:46:12 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/05/23 18:49:08 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 09:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)
DRV:64bit: - [2011/11/30 11:06:23 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/11/30 09:51:51 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/30 09:51:51 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1)
DRV:64bit: - [2011/03/30 02:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/03/04 08:35:52 | 000,134,664 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV:64bit: - [2009/10/16 11:43:18 | 000,168,984 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\InCDFs.sys -- (InCDFs)
DRV:64bit: - [2009/10/16 11:43:14 | 000,022,040 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\InCDRec.sys -- (InCDRec)
DRV:64bit: - [2009/10/16 11:43:08 | 000,060,952 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InCDPass.sys -- (InCDPass)
DRV:64bit: - [2009/09/17 17:52:22 | 000,765,448 | ---- | M] (Eugene Gavrilov) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kx.sys -- (kxwdmdrv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 22:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/03/26 14:31:26 | 000,036,432 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dfmirage.sys -- (dfmirage)
DRV:64bit: - [1999/12/31 19:00:00 | 000,070,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV - [2012/07/05 13:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/07/19 11:55:42 | 000,643,072 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2002/07/19 11:54:10 | 000,110,592 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2002/07/19 11:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTPRXY2K.SYS -- (ctprxy2k)
DRV - [2002/07/19 11:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTOSS2K.SYS -- (ossrv)
DRV - [2002/07/19 11:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\CTAC32K.SYS -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 4E BC 6F F3 C1 CC 01 [binary data]
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes,DefaultScope = {8B7E7CAC-70DC-421D-AAFF-894C70E5B6B3}
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{74FF3E40-2F1D-4ECB-9AF6-D51D4B53086A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=685749&p={searchTerms}
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\..\SearchScopes\{8B7E7CAC-70DC-421D-AAFF-894C70E5B6B3}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: https-facebook@niyaz.pk:0.4
FF - prefs.js..extensions.enabledAddons: superstart@enjoyfreeware.org:3.6.3
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.81
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {37fa1426-b82d-11db-8314-0800200c9a66}:2.9.12
FF - prefs.js..extensions.enabledAddons: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: Noia4Options@ArisT2:1.7.4
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.19
FF - prefs.js..extensions.enabledAddons: {faf13420-5e24-11e0-80e3-0800200c9a66}:1.7.4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Components: C:\USERS\LIVING ROOM\APPDATA\LOCAL\WATERFOX\COMPONENTS [2012/03/23 14:19:16 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 11.0\extensions\\Plugins: C:\USERS\LIVING ROOM\APPDATA\LOCAL\WATERFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/09 21:10:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/28 18:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 07:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/03 09:32:04 | 000,000,000 | ---D | M]

[2011/12/06 07:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Extensions
[2011/12/06 07:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012/10/05 23:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions
[2012/10/05 23:19:31 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/09/21 00:55:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/16 13:40:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/29 20:09:22 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\living room\AppData\Roaming\mozilla\Firefox\Profiles\g7tbw4ca.default\extensions\superstart@enjoyfreeware.org
[2012/06/23 14:59:27 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011/12/10 08:24:17 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\browserprotect@browserprotect.com.xpi
[2011/12/28 14:11:03 | 000,012,748 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\desopa@congress.public.xpi
[2012/09/26 02:21:23 | 000,011,697 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\facebookbutton@facebook.invalid.xpi
[2012/06/20 22:45:26 | 000,319,802 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\firefox@facebook.com.xpi
[2011/12/04 16:20:33 | 000,005,831 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\https-facebook@niyaz.pk.xpi
[2012/01/11 01:06:10 | 000,009,689 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\info@skymeissner.com.xpi
[2012/04/27 00:49:21 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/09/19 17:47:43 | 000,149,849 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\Noia4Options@ArisT2.xpi
[2011/12/04 16:20:33 | 000,015,394 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\scanner@ednovak.net.xpi
[2012/07/09 17:25:31 | 000,263,891 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\sharemenot@franziroesner.com.xpi
[2012/06/05 08:43:42 | 000,139,897 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\socialfixer@mattkruse.com.xpi
[2012/09/11 23:38:19 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\testpilot@labs.mozilla.com.xpi
[2012/10/02 18:29:03 | 000,085,907 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi
[2012/09/19 17:47:44 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/09/13 16:57:25 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2012/09/08 15:37:32 | 000,195,879 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2011/11/30 04:53:20 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/09/05 23:28:02 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012/09/26 02:21:25 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/05/28 22:33:07 | 000,035,719 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2012/07/11 12:31:53 | 000,177,357 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
[2012/07/25 12:37:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/21 00:33:29 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/12/04 16:20:34 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/07/22 07:10:08 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/10/03 22:31:06 | 000,257,937 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/09/19 17:47:44 | 001,544,034 | ---- | M] () (No name found) -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2011/11/30 07:33:53 | 000,002,354 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\aol-web-search.xml
[2012/01/20 18:47:17 | 000,002,281 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\s-amazon.xml
[2011/12/08 13:00:52 | 000,004,912 | ---- | M] () -- C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\g7tbw4ca.default\searchplugins\search-here.xml
[2012/09/06 18:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/12 09:53:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/03 09:32:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/06 18:52:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/07 07:06:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/06 13:23:40 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/28 18:12:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/28 18:12:31 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/10/08 19:55:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe (KORG Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe (Winstep Software Technologies)
O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9486293-EF9D-4EDB-BB9E-72D5A7DA36FE}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/08 20:41:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
[2012/10/08 20:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/08 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/08 20:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Add Remove Cleaner
[2012/10/08 20:00:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/08 20:00:41 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\temp
[2012/10/08 19:55:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/08 19:40:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/08 19:40:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/08 19:40:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/08 19:37:58 | 004,764,063 | R--- | C] (Swearware) -- C:\Users\living room\Desktop\ComboFix.exe
[2012/10/08 17:25:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/08 17:23:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/08 16:36:44 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\RK_Quarantine
[2012/10/08 13:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/10/08 13:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/10/07 17:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/10/07 17:45:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/10/07 17:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/10/07 15:14:04 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\Victor
[2012/10/03 20:38:04 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\{95B4EA89-D1FE-4323-9116-52EEDDDFD60E}
[2012/09/28 19:40:23 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\phone pics 2
[2012/09/28 19:38:47 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\Robs House
[2012/09/20 13:37:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices
[2012/09/19 22:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/09/19 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/09/19 22:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/09/19 22:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
[2012/09/19 22:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012/09/17 21:11:41 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/09/16 13:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/15 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\{B774529A-B455-47C1-9617-70D5C7453A74}
[2012/09/08 21:27:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3689B77C-90FA-4663-91AB-5AB34383CD81}
[2012/09/08 21:24:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{24E3A4D8-9E57-4B19-9715-6E61513095D7}
[2012/09/08 21:23:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{442B6EC3-77A0-4817-825F-67F47D7A2E54}
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/08 20:56:25 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/08 20:41:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.exe
[2012/10/08 20:36:00 | 000,001,224 | ---- | M] () -- C:\Users\living room\Desktop\Revo Uninstaller.lnk
[2012/10/08 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/08 20:08:08 | 000,016,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 20:08:08 | 000,016,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/08 20:03:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/08 20:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/08 20:02:42 | 1583,566,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 19:55:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/08 19:54:37 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_living room.job
[2012/10/08 19:38:13 | 004,764,063 | R--- | M] (Swearware) -- C:\Users\living room\Desktop\ComboFix.exe
[2012/10/08 18:17:43 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/08 18:17:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/08 17:12:37 | 000,005,909 | ---- | M] () -- C:\Users\living room\Desktop\Techspot help 2.rtf
[2012/10/08 16:52:19 | 000,000,512 | ---- | M] () -- C:\Users\living room\Desktop\MBR.dat
[2012/10/08 16:28:18 | 000,002,282 | ---- | M] () -- C:\Users\living room\Desktop\tech spot help.rtf
[2012/10/08 15:42:18 | 000,329,660 | ---- | M] () -- C:\Users\living room\Desktop\FireShot Screen Capture #034 - 'UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums' - www_techspot_com_community_topics_updated-5-step-viruses-spyware-malware-preliminary-r.pdf
[2012/10/08 13:08:55 | 000,001,121 | ---- | M] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/09/26 19:20:58 | 001,312,538 | ---- | M] () -- C:\Users\living room\9-26-2012 Project save.RPP
[2012/09/25 18:10:57 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/25 18:10:57 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/25 18:10:57 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/19 22:17:13 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/19 13:45:23 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/19 12:42:42 | 000,355,765 | ---- | M] () -- C:\Users\living room\Desktop\RMA_Form for powerpayless.com
[2012/09/15 09:24:08 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2012/09/13 20:40:01 | 000,001,013 | ---- | M] () -- C:\Users\living room\Desktop\Eusing Free Registry Cleaner.lnk
[2012/09/12 20:21:33 | 000,001,127 | ---- | M] () -- C:\Users\living room\Desktop\Advanced SystemCare 5.lnk
[2012/09/12 20:21:22 | 000,001,182 | ---- | M] () -- C:\Users\living room\Desktop\Turbo Boost.lnk
[2012/09/08 21:30:44 | 000,001,655 | ---- | M] () -- C:\Users\living room\Desktop\Traktor Pro - Shortcut.lnk
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 20:36:00 | 000,001,224 | ---- | C] () -- C:\Users\living room\Desktop\Revo Uninstaller.lnk
[2012/10/08 19:40:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/08 19:40:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/08 19:40:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/08 19:40:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/08 19:40:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/08 18:38:02 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_living room.job
[2012/10/08 18:17:43 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/08 17:12:37 | 000,005,909 | ---- | C] () -- C:\Users\living room\Desktop\Techspot help 2.rtf
[2012/10/08 16:52:19 | 000,000,512 | ---- | C] () -- C:\Users\living room\Desktop\MBR.dat
[2012/10/08 16:28:18 | 000,002,282 | ---- | C] () -- C:\Users\living room\Desktop\tech spot help.rtf
[2012/10/08 15:42:18 | 000,329,660 | ---- | C] () -- C:\Users\living room\Desktop\FireShot Screen Capture #034 - 'UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums' - www_techspot_com_community_topics_updated-5-step-viruses-spyware-malware-preliminary-r.pdf
[2012/10/08 13:08:55 | 000,001,121 | ---- | C] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/09/26 19:20:58 | 001,312,538 | ---- | C] () -- C:\Users\living room\9-26-2012 Project save.RPP
[2012/09/19 22:17:13 | 000,002,306 | ---- | C] () -- C:\Users\Public\Desktop\Borderlands 2.lnk
[2012/09/19 13:45:23 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/19 12:45:48 | 000,355,765 | ---- | C] () -- C:\Users\living room\Desktop\RMA_Form for powerpayless.com
[2012/09/15 09:24:08 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\ClipGrab.lnk
[2012/09/13 20:38:44 | 000,001,013 | ---- | C] () -- C:\Users\living room\Desktop\Eusing Free Registry Cleaner.lnk
[2012/09/12 20:21:33 | 000,001,127 | ---- | C] () -- C:\Users\living room\Desktop\Advanced SystemCare 5.lnk
[2012/09/12 20:21:22 | 000,001,182 | ---- | C] () -- C:\Users\living room\Desktop\Turbo Boost.lnk
[2012/09/08 21:30:44 | 000,001,655 | ---- | C] () -- C:\Users\living room\Desktop\Traktor Pro - Shortcut.lnk
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/13 13:06:30 | 004,417,024 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012/03/10 08:55:16 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/03/10 08:55:10 | 006,454,984 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012/03/10 08:55:10 | 001,146,161 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012/03/10 08:55:10 | 000,371,592 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/03/10 08:55:10 | 000,206,473 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/03/10 08:55:10 | 000,142,473 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2012/02/26 11:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/02/26 11:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012/02/26 11:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012/02/26 11:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012/02/26 11:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012/02/26 11:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012/02/26 11:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012/02/26 11:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012/02/26 11:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012/02/26 11:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/11 13:52:19 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/11 11:14:42 | 000,000,179 | ---- | C] () -- C:\Windows\EQ3D.ini
[2011/12/17 09:52:10 | 000,000,412 | ---- | C] () -- C:\Users\living room\AppData\Roaming\All CPU Meter_Settings.ini
[2011/12/11 10:34:04 | 000,000,339 | ---- | C] () -- C:\Users\living room\AppData\Roaming\Drives Meter_Settings.ini
[2011/12/10 22:59:18 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/12/10 22:59:18 | 000,017,877 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011/12/06 17:06:16 | 000,101,072 | ---- | C] () -- C:\Windows\UTP.exe
[2011/12/06 11:57:34 | 000,007,602 | ---- | C] () -- C:\Users\living room\AppData\Local\Resmon.ResmonCfg
[2011/12/04 00:09:24 | 000,005,120 | ---- | C] () -- C:\Users\living room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/02 02:06:59 | 000,000,231 | ---- | C] () -- C:\Windows\AC3API.INI
[2011/12/02 02:06:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\SFMAN.DAT
[2011/12/02 02:06:37 | 000,037,727 | ---- | C] () -- C:\Windows\SysWow64\Emu10kx.ini
[2011/12/02 02:06:37 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2011/12/02 02:06:33 | 000,179,669 | ---- | C] () -- C:\Windows\SysWow64\CTSTATIC.DAT
[2011/12/02 02:06:33 | 000,164,044 | ---- | C] () -- C:\Windows\SysWow64\CTDLANG.DAT
[2011/12/02 02:06:33 | 000,113,373 | ---- | C] () -- C:\Windows\SysWow64\CTBASICW.DAT
[2011/12/02 02:06:33 | 000,113,273 | ---- | C] () -- C:\Windows\SysWow64\CTBAS2W.DAT
[2011/12/02 02:06:33 | 000,044,055 | ---- | C] () -- C:\Windows\SysWow64\CTDAUGHT.DAT
[2011/12/02 02:06:31 | 000,184,320 | ---- | C] () -- C:\Windows\PSCONV.EXE
[2011/12/02 02:06:31 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\KILLAPPS.EXE
[2011/12/02 02:06:31 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\REGPLIB.EXE
[2011/12/02 02:06:31 | 000,000,180 | ---- | C] () -- C:\Windows\SysWow64\KILL.INI
[2011/12/02 02:06:30 | 000,065,536 | ---- | C] ( ) -- C:\Windows\SysWow64\A3D.DLL
[2011/11/30 10:48:47 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/11/30 10:48:47 | 000,000,058 | ---- | C] () -- C:\Users\living room\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011/11/30 10:22:44 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011/11/30 10:22:44 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011/11/30 10:22:43 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011/11/30 10:22:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011/11/30 10:22:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011/11/30 07:53:58 | 000,064,764 | ---- | C] () -- C:\Users\living room\AppData\Roaming\UserTile.png
[2011/11/30 07:50:47 | 000,109,016 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/11/30 06:38:27 | 000,030,155 | ---- | C] () -- C:\Windows\Q-Dir.ini
[2011/11/30 05:51:00 | 000,000,128 | ---- | C] () -- C:\Windows\SBWIN.INI
[2011/11/30 03:52:09 | 000,030,756 | ---- | C] () -- C:\Windows\SysWow64\e10kxwdm.ini
[2011/11/24 21:16:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/08 09:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/09/08 09:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/09/08 09:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/09/08 09:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/09/08 09:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/09/08 09:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/09/08 09:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/09/08 09:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/09/08 08:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/09/08 08:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/02/11 03:47:34 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/05 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Ableton
[2011/12/25 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\All Free Disc Burner
[2012/03/23 15:15:34 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\AnvSoft
[2012/10/08 14:05:19 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Azureus
[2012/03/23 11:56:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Bidgood Svcs
[2012/01/18 23:51:13 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Canneverbe Limited
[2011/11/30 07:50:42 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\com.facebookdesktop.app
[2011/12/13 15:02:50 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Copernic
[2011/12/06 08:11:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Creevity Mp3 Cover Downloader
[2011/11/30 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DonationCoder
[2012/03/05 23:56:09 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DraftSight
[2012/06/03 15:48:08 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DVDVideoSoft
[2011/12/28 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\FireShot
[2012/01/05 10:53:18 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Foxit Software
[2011/12/13 10:18:21 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GetRightToGo
[2011/12/02 16:07:27 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GlarySoft
[2011/12/13 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Highresolution Enterprises
[2011/12/29 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ImgBurn
[2011/12/12 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\InfraRecorder
[2012/08/08 21:51:29 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\IObit
[2011/12/11 14:24:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\IrfanView
[2012/01/02 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\iZotope
[2011/11/30 16:51:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Korg
[2012/05/21 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\OpenOffice.org
[2011/12/12 12:41:15 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Opera
[2011/12/31 13:18:53 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Proteus VX
[2011/11/30 06:38:43 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Q-Dir
[2012/01/13 17:43:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\REAPER
[2012/01/21 00:03:09 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\SMRecorder
[2011/12/06 07:59:31 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Songbird2
[2011/12/06 16:44:58 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Stardock
[2012/01/02 14:49:07 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Teragon Audio
[2011/12/06 18:40:49 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ThemeManager
[2011/12/02 21:35:30 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\WinBatch
[2011/12/06 17:59:22 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Windows 7 Taskbar Color Changer
[2012/08/15 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Windows Live Writer
[2012/05/27 09:25:12 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\WinPatrol

========== Purity Check ==========



< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    O3:64bit: - HKLM\..\Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No CLSID value found.
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe" /m File not found
    O4 - HKU\S-1-5-21-1770259247-518088782-3831662574-1000..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8:64bit: - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
    O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
    
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
    
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

=============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce a log.
 
Was stuck on shutting down for like an hour, then held power button, got this when started...
All processes killed
========== OTL ==========
HKU\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ not found.
Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SmartRAM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1770259247-518088782-3831662574-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &1\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Client to monitor &2\ not found.
C:\Windows\assembly\Desktop.ini moved successfully.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: living room
->Temp folder emptied: 2631880 bytes
->Temporary Internet Files folder emptied: 56535824 bytes
->Java cache emptied: 450274 bytes
->FireFox cache emptied: 75717954 bytes
->Google Chrome cache emptied: 199002536 bytes
->Opera cache emptied: 11433 bytes
->Flash cache emptied: 15220687 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 22283776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 448512 bytes

Total Files Cleaned = 355.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: living room
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: living room
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082012_221545

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 