Posts posted by Tertuliano
-
Hi, Gringo.
I'm sorry for my late reply. I started following your instructions on your latest post, but when I began the Eset online scanning, it looked like it was going to take more than a couple of hours to complete. Since I had to leave town for the weekend, I didn't want to leave my computer running all that time. Anyway, I removed the start-up entries, and this is what the scan came up with:
C:\Users\Pixeles Libres\AppData\Roaming\OpenCandy\OpenCandy_038F1A986C7045EDB02975550DE4C5B2\GameHouseSupercollapse3_p1v6.exe Win32/OpenCandy application
C:\Users\Pixeles Libres\Desktop\Stuff\Riot-setup.zip Win32/OpenCandy application
C:\Users\Pixeles Libres\Desktop\Stuff\ImTOO.Video.Joiner.2.0.1.Build.0111\video-joiner2.exe Win32/Toolbar.Zugo application
C:\Users\Pixeles Libres\Downloads\adlsoft_uncompressor_3_3_last.exe Win32/Toolbar.Zugo application
C:\Users\Pixeles Libres\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application
C:\Users\Pixeles Libres\Downloads\MediaInfo_GUI_0.7.47_Windows_x64.exe Win32/OpenCandy application
C:\Users\Pixeles Libres\Downloads\SUPERsetup (1).exe Win32/OpenCandy application
Thanks again.
-
Hi, Gringo.
I did everything on the list. Here are both reports. Just as a note, Malwarebytes reported 1 infected file, but I chose to ignore it because I believe the program CoreTemp is not really a threat. If I'm mistaken, please let me know, but according to the developers, most anti-virus and anti-malware programs will detect it as a threat.
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pixeles Libres :: PIXELESLIBRES [administrator]
6/28/2012 4:28:39 AM
mbam-log-2012-06-28 (04-34-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209029
Time elapsed: 2 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Pixeles Libres\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> No action taken.
(end)
=======================================================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:39:32 AM, on 6/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe
C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe
C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe
C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11 Editor.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pixeles Libres\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11747 bytes
============================================
Thanks again.
-
Yes sir, that did it. Thank you so much. Now, before I celebrate in joy, let me ask you a novice question: Should I still be concerned about my computer being infected with malware or a virus? Was the problem in Chrome just an isolated aftermath of the initial problem, or was it a problem on its own? I just want to be sure that this Chrome extension didn't just fix the problem on a superficial level, leaving the malware or virus lying somewhere in my computer.
-
Hello.
I ran the script but Chrome still brings up the mysearchresults.com (Search Results, LLC) page whenever I open a new tab. Looks like there's nothing I can do about it under Chrome settings either. I did some more research and found two interesting articles about this problem. Here's one, and here's the other one. I don't know if they're legit or not, but the first one gives a method on how to remove it manually. Again, I have not tried it because I don't know if they're for real. Anyway, I thought they might help. What do you think? Thanks so much again, Gringo.
Here's the report from the latest script:
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
Unable to delete ADS C:\Windows: .
File C:\._? not found.
File C:\._? not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pixeles Libres\Desktop\cmd.bat deleted successfully.
C:\Users\Pixeles Libres\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Pixeles Libres
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Pixeles Libres
->Flash cache emptied: 798 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.51.0 log created on 06262012_164943
-
I never use IE, so I wouldn't be too sure. Right now it had a Chinese website as homepage and search engine (www.daum.net), but I was able to switch homepage and search engine back to defaults without any conflict. After closing it and opening it again, the defaults are still set and it appears to behave normally. I'm not sure about this, but I think the homepage and search engine were modified on IE when I installed a media player called PotPlayer, since this program was installed in a folder called Daum under Program Files. Still, I would find it odd if a virus or malware would mess up FF and Chrome, and not IE. Anyway, here's the new report:
OTL logfile created on: 6/24/2012 11:15:57 AM - Run 2
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Pixeles Libres\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.70% Memory free
25.67 Gb Paging File | 23.29 Gb Available in Paging File | 90.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 13.06 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 923.74 Gb Total Space | 66.47 Gb Free Space | 7.20% Space Free | Partition Type: HFSJ
Drive E: | 931.19 Gb Total Space | 87.99 Gb Free Space | 9.45% Space Free | Partition Type: HFSJ
Drive M: | 931.19 Gb Total Space | 81.37 Gb Free Space | 8.74% Space Free | Partition Type: HFSJ
Computer Name: PIXELESLIBRES | User Name: Pixeles Libres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Pixeles Libres\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (DefaultTabSearch) -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MDFSYSNT) -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 68 91 C2 2C 52 CD 01 [binary data]
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E18E798C-0A7E-410C-9C9C-349E0F52DEF7}&mid=924e7ba387c847d0b25fd16fc5f055f5-9a54de853bd847c8b5527f75a6f131027a770287&lang=en&ds=gm011&pr=sa&d=2012-04-28 23:08:16&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/11 15:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/11 18:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/05/11 13:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Extensions
[2012/06/23 16:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions
[2012/04/28 23:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/29 00:09:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\firefox@ghostery.com
[2011/05/11 13:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/11 15:27:25 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/04/28 23:19:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/13 08:26:34 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/06/21 12:59:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 23:08:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/28 23:05:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/28 23:05:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\plugins/npDefaultTabSearch.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: DefaultTab = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\
CHR - Extension: Gmail = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/06/22 17:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/24 17:08:24 | 000,000,000 | R--D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/06/23 21:30:56 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/23 19:20:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/23 19:15:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 16:24:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/23 16:22:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/23 16:22:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/23 16:22:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/23 16:22:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/23 16:22:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/23 16:22:10 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/23 16:21:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/23 16:21:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/22 20:00:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe
[2012/06/22 17:33:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/22 16:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 16:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 16:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 16:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 16:52:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 16:40:25 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe
[2012/06/21 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{D27F49F9-BE3D-4E4F-B98D-6336B1909080}
[2012/06/21 12:00:04 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{453FB431-1A0F-418B-AF76-C0F23F9E0BD2}
[2012/06/21 11:27:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr
[2012/06/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\Macromedia
[2012/06/13 09:18:04 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012/06/13 09:18:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012/06/13 09:18:03 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012/06/13 09:18:03 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012/06/13 09:18:03 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012/06/13 09:18:03 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012/06/13 09:18:03 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012/06/13 09:18:02 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012/06/13 09:18:01 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012/06/13 09:18:01 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2012/06/13 09:18:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012/06/13 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2012/06/13 09:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/13 08:32:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 08:32:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 08:32:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 08:32:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 08:32:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 08:32:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 08:32:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 08:32:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 08:32:18 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 08:32:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 08:32:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 08:32:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 08:32:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 08:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 08:31:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 08:31:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 08:31:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/13 08:30:57 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 08:30:56 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/06/13 08:30:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 08:30:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 08:30:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 08:30:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 08:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
========== Files - Modified Within 30 Days ==========
[2012/06/24 17:08:15 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/06/24 17:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 17:07:36 | 4276,797,438 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 11:12:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 11:12:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/23 21:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/23 21:35:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job
[2012/06/23 21:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job
[2012/06/23 19:40:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/23 19:40:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/22 20:01:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe
[2012/06/22 17:34:33 | 000,001,374 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk
[2012/06/22 17:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/22 16:40:31 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe
[2012/06/22 16:38:37 | 000,881,475 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe
[2012/06/21 12:56:21 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/06/21 11:27:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr
[2012/06/21 10:55:32 | 002,296,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 10:55:32 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/06/21 10:55:32 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012/06/21 10:55:32 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 10:55:32 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/06/21 10:55:32 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012/06/21 10:55:32 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 09:18:05 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2012/06/13 09:14:53 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 09:11:59 | 000,000,993 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\PotPlayer x64.lnk
[2012/06/13 08:56:31 | 004,973,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 08:50:27 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/06/02 16:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 16:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 16:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 16:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 16:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 16:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
========== Files Created - No Company Name ==========
[2012/06/23 21:30:31 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job
[2012/06/23 21:30:31 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job
[2012/06/22 17:34:33 | 000,001,374 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk
[2012/06/22 16:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 16:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 16:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 16:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 16:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 16:38:33 | 000,881,475 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe
[2012/06/13 09:18:03 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012/06/13 09:18:03 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/06/13 09:18:03 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012/06/13 09:18:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012/06/13 09:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012/06/13 09:18:02 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012/06/13 09:18:01 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012/06/13 09:18:01 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012/06/13 09:18:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012/06/13 09:18:01 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012/06/13 09:14:53 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 08:50:27 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2011/05/11 18:34:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/11 13:13:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/11 13:13:47 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/11 13:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/10 18:30:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/10 18:30:41 | 000,026,612 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/22 13:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 13:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
========== Files - Unicode (All) ==========
[2011/11/08 15:09:16 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._
[2011/09/12 11:30:41 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._
========== Alternate Data Streams ==========
@Alternate Data Stream - 108 bytes -> C:\Windows:
< End of report >
-
I just did exactly what you said, but unfortunately Chrome still has the problem. Clicking here will show you a pic. Any ideas? I know you're doing your best, and I want you to know that I greatly appreciate it. Thanks again, Gringo.
-
Hello again.
I followed your instructions, but this time ComboFix did not ask me to reboot, but I did anyways. After the reboot, I opened up Chrome and it still loads the mysearchresults.com homepage. I find it odd that I haven't come across any authentic discussions about this malware anywhere online. But I'm confident you will find a way to get rid of this evil thing. Thanks again for all your time and efforts, Gringo.
Here's the report:
ComboFix 12-06-21.03 - Pixeles Libres 06/23/2012 19:03:10.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14367 [GMT -6:00]
Running from: c:\users\Pixeles Libres\Desktop\ComboFix.exe
Command switches used :: c:\users\Pixeles Libres\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 01:14 . 2012-06-24 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 22:24 . 2012-06-23 22:24 -------- d-----w- C:\_OTL
2012-06-23 22:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 22:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 22:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 22:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 22:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 22:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 22:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 22:21 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 22:21 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 23:33 . 2012-06-22 23:33 -------- d-----w- c:\windows\system32\appmgmt
2012-06-21 18:40 . 2012-06-21 18:40 4126880 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-21 16:57 . 2012-06-21 16:57 -------- d-----w- c:\users\Pixeles Libres\AppData\Local\Macromedia
2012-06-13 15:17 . 2012-06-13 15:17 -------- d-----w- c:\program files (x86)\DefaultTab
2012-06-13 14:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll
2012-06-13 14:31 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-13 14:31 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 14:31 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 14:31 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:31 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-13 14:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-13 14:28 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-13 14:26 . 2012-06-13 14:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 14:26 . 2012-06-13 14:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 18:40 . 2012-04-29 06:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 18:40 . 2011-05-22 04:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_23.01.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-21 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-21 18:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 22:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-12 00:39 . 2012-06-24 00:57 69912 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 00:57 34790 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-12 00:39 . 2012-06-23 22:29 14658 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525391006-1020723365-2236347363-1000_UserData.bin
+ 2012-06-02 21:19 . 2012-06-02 21:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2009-07-14 04:46 . 2012-06-24 01:00 87696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-24 00:55 . 2012-06-24 00:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 22:59 . 2012-06-22 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 00:55 . 2012-06-24 00:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-22 22:59 . 2012-06-22 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-06-22 22:58 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-23 17:18 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-06-23 22:27 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-22 22:32 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 02:34 . 2012-06-23 22:25 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-13 14:53 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-05-11 20:02 . 2012-06-23 17:18 16066532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3525391006-1020723365-2236347363-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ACPW05EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-17 822384]
.
c:\users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-21 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]
R3 ALSysIO;ALSysIO;c:\users\PIXELE~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 19:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:41]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job
- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job
- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.daum.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cel"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.flc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fli"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kar"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m15"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PotPlayer64.M1A"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PotPlayer64.M2A"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m75"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mpv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pics"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qcp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qtpf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sdv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sfil"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smil"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sml"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.swa"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tsdr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ulw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.vfw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 19:15:43
ComboFix-quarantined-files.txt 2012-06-24 01:15
ComboFix2.txt 2012-06-22 23:07
.
Pre-Run: 12,166,598,656 bytes free
Post-Run: 11,983,736,832 bytes free
.
- - End Of File - - B0AA5CF96890F6C56F6A88E286ECB7D2
-
Hi, Gringo.
So I ran the script, then it asked me to reboot. I did so, and when Windows was loading up, it seemed to be applying some kind of update. I don't know if it's related to the script or not. Either way, once I logged into Windows, I opened Firefox and the Whitesmoke toolbar was gone. However, I also opened up Chrome, and it still looked strange to me. Looking deeper into it, it turns out there's a search bar for mysearchresults.com. A quick Google search tells me this is also another kind of virus/malware/spyware/key-logger. This is very frustrating. I can't believe that downloading an update for an app I've been using for years (Super) would mess up my machine so badly. Anyway, are these two things related? I don't want to abuse your kindness, but is there something we can do about this too?
Here's the log for the script:
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:8B4F37E5 deleted successfully.
ADS C:\Users\Pixeles Libres\Documents\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO:Mac_Metadata deleted successfully.
ADS C:\TheVolumeSettingsFolder:Mac_Metadata deleted successfully.
ADS C:\.Trashes:Mac_Metadata deleted successfully.
ADS C:\.TemporaryItems:Mac_Metadata deleted successfully.
ADS C:\Users\Pixeles Libres\AppData\Local\Temp:GIf3pd5xbNqwedaxFi2fNzfr4zX18 deleted successfully.
Unable to delete ADS C:\Windows: .
Registry key HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}\ not found.
Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui folder moved successfully.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.
C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\searchplugins\conduit.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pixeles Libres\Desktop\cmd.bat deleted successfully.
C:\Users\Pixeles Libres\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Pixeles Libres
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Pixeles Libres
->Flash cache emptied: 3131 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.51.0 log created on 06232012_162450
Files\Folders moved on Reboot...
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.
Registry entries deleted on Reboot...
=============================================================
Thanks again.
-
Thanks again, Gringo. Here's the report:
OTL
OTL logfile created on: 6/22/2012 8:02:44 PM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Pixeles Libres\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.98 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.60% Memory free
26.39 Gb Paging File | 23.97 Gb Available in Paging File | 90.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 12.36 Gb Free Space | 16.61% Space Free | Partition Type: NTFS
Drive D: | 923.74 Gb Total Space | 65.96 Gb Free Space | 7.14% Space Free | Partition Type: HFSJ
Drive E: | 931.19 Gb Total Space | 87.99 Gb Free Space | 9.45% Space Free | Partition Type: HFSJ
Drive M: | 931.19 Gb Total Space | 85.28 Gb Free Space | 9.16% Space Free | Partition Type: HFSJ
Computer Name: PIXELESLIBRES | User Name: Pixeles Libres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Pixeles Libres\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()
PRC - C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DefaultTabSearch) -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MDFSYSNT) -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 CA 90 0F E6 34 CC 01 [binary data]
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{6E3BC683-3A17-4DCF-861B-E7556301026C}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E18E798C-0A7E-410C-9C9C-349E0F52DEF7}&mid=924e7ba387c847d0b25fd16fc5f055f5-9a54de853bd847c8b5527f75a6f131027a770287&lang=en&ds=gm011&pr=sa&d=2012-04-28 23:08:16&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110511&user_guid=9582EA84DB6E45EEB9C864E4CE06E7B6&machine_id=f161b0b3be456270032942077fe043df&browser=IE&os=win&os_version=6.1-x64-SP0
IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/11 15:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/11 18:44:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/05/11 13:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Extensions
[2012/06/21 11:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions
[2012/04/28 23:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/13 09:16:40 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2012/04/29 00:09:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\firefox@ghostery.com
[2012/06/21 10:55:02 | 000,000,919 | ---- | M] () -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\searchplugins\conduit.xml
[2011/05/11 13:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/05/11 15:27:25 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
[2012/04/28 23:19:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/13 08:26:34 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/06/21 12:59:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/28 23:08:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/28 23:05:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/28 23:05:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DefaultTab = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\
CHR - Extension: Ghostery = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: Gmail = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/06/22 17:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/22 20:00:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe
[2012/06/22 19:57:58 | 000,000,000 | R--D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/06/22 17:35:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/22 17:33:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/06/22 17:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/22 16:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/22 16:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/22 16:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/22 16:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 16:52:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 16:40:25 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe
[2012/06/21 12:40:11 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/06/21 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{D27F49F9-BE3D-4E4F-B98D-6336B1909080}
[2012/06/21 12:00:04 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{453FB431-1A0F-418B-AF76-C0F23F9E0BD2}
[2012/06/21 11:27:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr
[2012/06/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\Macromedia
[2012/06/13 09:18:04 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll
[2012/06/13 09:18:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2012/06/13 09:18:03 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2012/06/13 09:18:03 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2012/06/13 09:18:03 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2012/06/13 09:18:03 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2012/06/13 09:18:03 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2012/06/13 09:18:02 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2012/06/13 09:18:01 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2012/06/13 09:18:01 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2012/06/13 09:18:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2012/06/13 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2012/06/13 09:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/06/13 08:32:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 08:32:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 08:32:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 08:32:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 08:32:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 08:32:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 08:32:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 08:32:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 08:32:18 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 08:32:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 08:32:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 08:32:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 08:32:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 08:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 08:31:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 08:31:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 08:31:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/13 08:30:57 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 08:30:56 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/06/13 08:30:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 08:30:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 08:30:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 08:30:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 08:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
========== Files - Modified Within 30 Days ==========
[2012/06/22 20:05:04 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job
[2012/06/22 20:02:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 20:02:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 20:01:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe
[2012/06/22 19:57:52 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2012/06/22 19:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 19:56:52 | 4276,797,438 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 17:34:33 | 000,001,374 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk
[2012/06/22 17:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/22 16:40:31 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe
[2012/06/22 16:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/22 16:38:37 | 000,881,475 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe
[2012/06/21 12:56:21 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2012/06/21 12:40:41 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/21 12:40:40 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/21 12:40:14 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/06/21 11:27:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr
[2012/06/21 10:55:32 | 002,296,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/21 10:55:32 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/06/21 10:55:32 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2012/06/21 10:55:32 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/21 10:55:32 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/06/21 10:55:32 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2012/06/21 10:55:32 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 09:18:05 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2012/06/13 09:14:53 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 09:11:59 | 000,000,993 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\PotPlayer x64.lnk
[2012/06/13 08:56:31 | 004,973,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 08:50:27 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2012/06/13 08:09:53 | 000,002,408 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ==========
[2012/06/22 17:34:33 | 000,001,374 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk
[2012/06/22 16:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/22 16:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/22 16:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/22 16:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/22 16:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 16:38:33 | 000,881,475 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe
[2012/06/13 09:18:03 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2012/06/13 09:18:03 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/06/13 09:18:03 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2012/06/13 09:18:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2012/06/13 09:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2012/06/13 09:18:02 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2012/06/13 09:18:01 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2012/06/13 09:18:01 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2012/06/13 09:18:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2012/06/13 09:18:01 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2012/06/13 09:14:53 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/06/13 08:50:27 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk
[2011/05/11 18:34:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/11 13:13:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/05/11 13:13:47 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/11 13:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/10 18:30:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/10 18:30:41 | 000,026,612 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/22 13:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/22 13:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
========== Files - Unicode (All) ==========
[2011/11/08 15:09:16 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._
[2011/09/12 11:30:41 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._
========== Alternate Data Streams ==========
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:8B4F37E5
@Alternate Data Stream - 20 bytes -> C:\Users\Pixeles Libres\Documents\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\TheVolumeSettingsFolder:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata
@Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata
@Alternate Data Stream - 1330 bytes -> C:\Users\Pixeles Libres\AppData\Local\Temp:GIf3pd5xbNqwedaxFi2fNzfr4zX18
@Alternate Data Stream - 108 bytes -> C:\Windows:
< End of report >
-
Hello, Gringo.
Thank you very much for your willingness to help me. I carefully followed your instructions and there were no problems during the processes. ComboFix rebooted my computer once, and then it gave me the log file. Unfortunately, I still have the damn WhiteSmoke toolbar on Firefox. Except for what I just mentioned, computer seems to behave normally. Here are my logs:
Security Check
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (13.0.1)
Google Chrome 18.0.1025.162
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````
___________________________________________________________________
Combofix Log:
ComboFix 12-06-21.03 - Pixeles Libres 06/22/2012 16:53:48.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14458 [GMT -6:00]
Running from: c:\users\Pixeles Libres\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Pixeles Libres\AppData\Local\assembly\tmp
c:\windows\neoqaz2.dll
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-21 18:40 . 2012-06-21 18:40 4126880 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-21 16:57 . 2012-06-21 16:57 -------- d-----w- c:\users\Pixeles Libres\AppData\Local\Macromedia
2012-06-13 15:17 . 2012-06-13 15:17 -------- d-----w- c:\program files (x86)\DefaultTab
2012-06-13 14:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll
2012-06-13 14:31 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-13 14:31 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 14:31 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 14:31 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:31 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-13 14:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-13 14:28 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-13 14:26 . 2012-06-13 14:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 14:26 . 2012-06-13 14:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 18:40 . 2012-04-29 06:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 18:40 . 2011-05-22 04:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ACPW05EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-17 822384]
.
c:\users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-21 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]
R3 ALSysIO;ALSysIO;c:\users\PIXELE~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 MDFSYSNT;MacDrive file system driver; [x]
S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]
S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 19:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:41]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job
- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job
- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF18463.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.daum.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62
FF - ProfilePath - c:\users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cel"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.flc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fli"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Jpeg"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kar"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m15"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PotPlayer64.M1A"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="PotPlayer64.M2A"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.m75"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mpv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pics"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qcp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.qtpf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sdv"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sfil"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.smil"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sml"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.swa"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tsdr"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ulw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.vfw"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-22 17:07:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 23:07
.
Pre-Run: 13,060,308,992 bytes free
Post-Run: 11,962,896,384 bytes free
.
- - End Of File - - B9DFA5D25B40F121D58634FF7AFF17A1
I hope ComboFix was not our last resort to get rid of that virus/malware. Please let me know what else I can do. Thanks in advance.
-
Hello.
Like a few other members here, I downloaded the video conversion software Super and ended up with the Whitesmoke toolbar on Firefox, and it looks like on Chrome too. I do not see it listed under add/remove programs in Windows, nor does Revo Uninstaller detect it. A Google search brought me to this forum, so I'm kindly asking for any help that would let me get rid of this thing. I'm creating this topic as suggested by the administrators.
Here are my DDS results:
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Pixeles Libres at 11:34:25 on 2012-06-21
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13610 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daum.net/
uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNowToolbarHelper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - StartNow Toolbar Helper
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [<NO NAME>]
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
StartupFolder: C:\Users\PIXELE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5} : NameServer = 209.18.47.61,209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {6E13D095-45C3-4271-9475-F3B48227DD9F} - StartNow Toolbar Helper
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [(Default)]
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]
R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-10 13336]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]
R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-5-18 563200]
S2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 257224]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-06-21 16:57:09 -------- d-----w- C:\Users\Pixeles Libres\AppData\Local\Macromedia
2012-06-13 15:17:15 -------- d-----w- C:\Program Files (x86)\DefaultTab
2012-06-13 14:34:31 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll
2012-06-13 14:31:39 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-13 14:31:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 14:31:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 14:31:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 14:31:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-13 14:31:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-06-13 14:28:21 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-13 14:26:28 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 14:26:28 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-06-13 14:57:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 14:57:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2006-05-03 18:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 19:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 21:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-07 06:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 11:34:59.24 ===============
Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume7
Install Date: 5/11/2011 1:08:04 AM
System Uptime: 6/21/2012 10:48:51 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8P67 PRO
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 10.058 GiB free.
D: is FIXED (HFSJ) - 924 GiB total, 65.962 GiB free.
E: is FIXED (HFSJ) - 931 GiB total, 88.521 GiB free.
F: is CDROM ()
H: is Removable
I: is CDROM ()
J: is Removable
K: is Removable
L: is Removable
M: is FIXED (HFSJ) - 931 GiB total, 86.877 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 6/13/2012 8:31:42 AM - Windows Update
RP69: 6/13/2012 8:49:35 AM - Installed ACDSee Pro 5.
.
==== Installed Programs ======================
.
ACDSee Pro 4
ACDSee Pro 5
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Story
Adobe Widget Browser
Advertising Center
Apple Application Support
Apple Software Update
AudioShell 1.3.5
AVI ReComp 1.5.3
AviSynth 2.5
CameraBag 1.5
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
DefaultTab Chrome
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
FormatFactory 2.60
GOM Player
Google Chrome
HydraVision
ImagXpress
Intel® Rapid Storage Technology
IrfanView (remove only)
JMicron JMB36X Driver
K-Lite Codec Pack 7.1.0 (Full)
LightScribe System Software
MagicDisc 2.7.106
marvell 91xx console driver
Menu Templates - Starter Kit
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Morrowind
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero Express Help
Nero Installer
Nero Online Upgrade
Nero StartSmart OEM
NeroExpress
PDF Settings CS5
Pidgin
PxMergeModule
QuickTime
RAR Password Recovery Magic v6.1.1.393
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Snagit 10.0.1
StartNow Toolbar 2.0
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
VobSub 2.23
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xilisoft Video Converter Ultimate 6
Xvid 1.3.0
Zip Repair Pro
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 4:51:35 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
6/21/2012 4:51:07 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
.
==== End Of File ===========================
Thanks in advance.
Yet another Whitesmoke infected user
in Resolved Malware Removal Logs
Hi, Gringo.
Upon running the delfile.bat file, there was a message in the command line that read something like "Could not find the file directory that was specified". When I saw this, I came back to FF to let you know. A couple of seconds later the window had disappeared, and the bat file was gone from my desktop. Not sure if this is something that I should be concerned about or not. All other tasks in your post were executed as you instructed.
I can't thank you enough for all the incredible help you've provided. You are a good man, Gringo, and you know your stuff very well. My hat goes off to you.
I just want to ask you one more thing, if you don't mind. In your post you mention Microsoft Security Essentials. As you know, I currently use ESET NOD32 Antivirus. Would it be wise for me to switch to MSE and get rid of ESET? Would that just be a matter of preference, or does one do a better job than the other? Thanks again.