Jump to content

shma

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry for the late reply. All steps were completed without any problems. Thanks for your help!
  2. Yes, here is the OTM log All processes killed ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Peter\Desktop\cmd.bat deleted successfully. C:\Users\Peter\Desktop\cmd.txt deleted successfully. DllUnregisterServer procedure not found in C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll moved successfully. C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe moved successfully. C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll moved successfully. C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll moved successfully. C:\ProgramData\3Q9JXFJB.exe moved successfully. C:\Users\Peter\Desktop\Peter\kmd.exe moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56466 bytes User: Default User User: Peter ->Temp folder emptied: 204406 bytes ->Temporary Internet Files folder emptied: 2719754775 bytes ->Java cache emptied: 20864 bytes ->FireFox cache emptied: 457499922 bytes ->Google Chrome cache emptied: 357223197 bytes ->Flash cache emptied: 187285 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes RecycleBin emptied: 3380 bytes Total Files Cleaned = 3,371.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 02092013_091945 Files moved on Reboot... C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot...
  3. All steps ran smoothly except for the java update. java.com indicated that Version 6 Update 39 is the current recommended version.
  4. Apologies, I did not post the ESET results C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files (x86)\Common Files\DVDVideoSoft\AskTB\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application C:\ProgramData\3Q9JXFJB.exe Win32/TrojanDownloader.Banload.RPU trojan C:\Qoobox\Quarantine\C\ProgramData\mSzs5qRVsQg9.cpl.vir Win32/Delf.QWY trojan C:\Qoobox\Quarantine\C\ProgramData\XP5M3KXJL.cpl.vir a variant of Win32/Injector.YLT trojan C:\Qoobox\Quarantine\C\ProgramData\KghaixG\IuevfhT\AegocuH.exe.vir Win32/TrojanDownloader.Banload.RPU trojan C:\Users\Peter\Desktop\Peter\kmd.exe a variant of Win32/Adware.Kazaa.A application
  5. I have run the three programs you indicated. ESET scan found several trojans Here are the log files: Combofix ComboFix 13-02-07.02 - Peter 08/02/2013 18:40:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6143.5066 [GMT -5:00] Running from: c:\users\Peter\Desktop\ComboFix.exe Command switches used :: c:\users\Peter\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 ))))))))))))))))))))))))))))))) . . 2013-02-08 23:45 . 2013-02-08 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 14:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2DA1267-547F-4152-A478-4FC1ACFD66AC}\mpengine.dll 2013-01-21 00:53 . 2013-01-21 00:53 -------- d-----w- c:\users\Peter\AppData\Local\Remove_Empty_Directories 2013-01-21 00:52 . 2013-01-21 00:52 -------- d-----w- c:\program files (x86)\Remove Empty Directories 2013-01-19 20:11 . 2013-01-19 20:11 -------- d-----w- c:\program files\LizardTech 2013-01-17 14:29 . 2013-01-17 14:29 -------- d-----w- c:\users\Peter\AppData\Local\Programs 2013-01-15 15:25 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll 2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 2013-01-13 18:43 . 2013-01-13 18:51 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 4.0 2013-01-13 18:43 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\ChaosPro 4.0 2013-01-11 03:47 . 2013-01-11 03:47 -------- d-----w- c:\windows\SysWow64\Fireplace by PES dir 2013-01-11 03:47 . 2013-01-11 03:47 520192 ----a-w- c:\windows\SysWow64\Fireplace by PES.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 00:48 . 2012-05-23 00:03 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 00:48 . 2012-03-12 02:49 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 06:28 . 2011-06-01 17:26 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 21:56 . 2012-06-21 21:56 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-15 21:56 . 2011-06-01 13:05 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-10 05:46 . 2011-06-01 18:32 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-21 05:41 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 05:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2011-06-01 12:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 12:54 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 12:54 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 12:54 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 12:54 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 12:54 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 12:54 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 12:54 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 12:54 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 12:54 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 12:54 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 12:54 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 12:54 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 12:54 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 12:54 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 12:54 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:54 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 12:54 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 12:54 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 12:54 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 12:54 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 12:54 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 12:54 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 12:54 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 12:54 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 12:54 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 12:54 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 12:54 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 12:54 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 12:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 12:54 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 12:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 12:54 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 12:54 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 12:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 12:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-13 1354736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] . c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 13:51 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 00:48] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000Core.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000UA.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-07 c:\windows\Tasks\HPCeeScheduleForPeter.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\ FF - prefs.js: browser.startup.homepage - google.ca FF - ExtSQL: 2013-01-14 23:51; {b749fc7c-e949-447f-926c-3f4eed6accfe}; c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF - ExtSQL: 2013-02-03 10:59; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Fireplace by PES - c:\windows\system32\Fireplace by PES.scr AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\06\03\01\0c\1d2?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-08 18:47:00 ComboFix-quarantined-files.txt 2013-02-08 23:46 ComboFix2.txt 2013-02-08 16:13 . Pre-Run: 572,015,329,280 bytes free Post-Run: 571,961,135,104 bytes free . - - End Of File - - BBE330C6561C5C3304518E239B46AD50 ESET ComboFix 13-02-07.02 - Peter 08/02/2013 18:40:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6143.5066 [GMT -5:00] Running from: c:\users\Peter\Desktop\ComboFix.exe Command switches used :: c:\users\Peter\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 ))))))))))))))))))))))))))))))) . . 2013-02-08 23:45 . 2013-02-08 23:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 14:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2DA1267-547F-4152-A478-4FC1ACFD66AC}\mpengine.dll 2013-01-21 00:53 . 2013-01-21 00:53 -------- d-----w- c:\users\Peter\AppData\Local\Remove_Empty_Directories 2013-01-21 00:52 . 2013-01-21 00:52 -------- d-----w- c:\program files (x86)\Remove Empty Directories 2013-01-19 20:11 . 2013-01-19 20:11 -------- d-----w- c:\program files\LizardTech 2013-01-17 14:29 . 2013-01-17 14:29 -------- d-----w- c:\users\Peter\AppData\Local\Programs 2013-01-15 15:25 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll 2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 2013-01-13 18:43 . 2013-01-13 18:51 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 4.0 2013-01-13 18:43 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\ChaosPro 4.0 2013-01-11 03:47 . 2013-01-11 03:47 -------- d-----w- c:\windows\SysWow64\Fireplace by PES dir 2013-01-11 03:47 . 2013-01-11 03:47 520192 ----a-w- c:\windows\SysWow64\Fireplace by PES.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 00:48 . 2012-05-23 00:03 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 00:48 . 2012-03-12 02:49 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 06:28 . 2011-06-01 17:26 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 21:56 . 2012-06-21 21:56 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-15 21:56 . 2011-06-01 13:05 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-10 05:46 . 2011-06-01 18:32 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-21 05:41 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 05:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2011-06-01 12:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 12:54 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 12:54 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 12:54 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 12:54 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 12:54 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 12:54 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 12:54 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 12:54 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 12:54 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 12:54 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 12:54 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 12:54 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 12:54 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 12:54 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 12:54 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:54 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 12:54 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 12:54 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 12:54 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 12:54 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 12:54 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 12:54 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 12:54 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 12:54 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 12:54 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 12:54 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 12:54 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 12:54 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 12:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 12:54 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 12:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 12:54 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 12:54 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 12:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 12:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-13 1354736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] . c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 13:51 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 00:48] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000Core.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000UA.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-07 c:\windows\Tasks\HPCeeScheduleForPeter.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\ FF - prefs.js: browser.startup.homepage - google.ca FF - ExtSQL: 2013-01-14 23:51; {b749fc7c-e949-447f-926c-3f4eed6accfe}; c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF - ExtSQL: 2013-02-03 10:59; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Fireplace by PES - c:\windows\system32\Fireplace by PES.scr AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\06\03\01\0c\1d2?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-08 18:47:00 ComboFix-quarantined-files.txt 2013-02-08 23:46 ComboFix2.txt 2013-02-08 16:13 . Pre-Run: 572,015,329,280 bytes free Post-Run: 571,961,135,104 bytes free . - - End Of File - - BBE330C6561C5C3304518E239B46AD50 SecurityCheck Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 39 Java version out of Date! Adobe Flash Player 11.5.502.149 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.2) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  6. I ran both programs. One of the folders deleted was c:\users\%USERNAME%\WINDOWS. Is this normal? Here is the adwcleaner file: # AdwCleaner v2.111 - Logfile created 02/08/2013 at 10:53:35 # Updated 05/02/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Peter - PAUSE # Boot Mode : Normal # Running from : C:\Users\Peter\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : WajamUpdater ***** [Files / Folders] ***** File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Folder Deleted : C:\Program Files (x86)\Wajam Folder Deleted : C:\Users\Peter\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\Peter\AppData\Local\Wajam Folder Deleted : C:\Users\Peter\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam Folder Deleted : C:\Users\Peter\AppData\Roaming\pdfforge Folder Deleted : C:\Windows\SysWOW64\TempDir ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKCU\Software\Wajam Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Key Deleted : HKLM\Software\Wajam Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.2 (en-US) File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\prefs.js Deleted : user_pref("extensions.enabledAddons", "background%40toggle.wtf:0.15,DivXWebPlayer%40divx.com:2.0.2.0[...] -\\ Google Chrome v24.0.1312.57 File : C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [3486 octets] - [08/02/2013 10:53:35] ########## EOF - C:\AdwCleaner[s1].txt - [3546 octets] ########## And here is the Combofix file: ComboFix 13-02-07.02 - Peter 08/02/2013 11:03:05.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6143.4699 [GMT -5:00] Running from: c:\users\Peter\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\653a5e3e7f8c0822634e838fbfb3b59ac90dff6a c:\programdata\G70w7kgNUEbB.exe c:\programdata\KghaixG c:\programdata\KghaixG\IuevfhT\AegocuH.exe c:\programdata\KghaixG\IuevfhT\AegocuH.exe.bmp c:\programdata\KghaixG\PychmrI\icon6.ico c:\programdata\KghaixG\PychmrI\icon8.ico c:\programdata\KghaixG\PychmrI\img6l.bmp c:\programdata\KghaixG\PychmrI\img6r.bmp c:\programdata\KghaixG\PychmrI\img8l.bmp c:\programdata\KghaixG\PychmrI\img8r.bmp c:\programdata\KghaixG\PychmrI\it001.html c:\programdata\KghaixG\PychmrI\it002.html c:\programdata\KghaixG\PychmrI\it003.html c:\programdata\KghaixG\RkbltqY\005-md1 c:\programdata\KghaixG\RkbltqY\005-md2 c:\programdata\KghaixG\RkbltqY\005-md3 c:\programdata\KghaixG\RkbltqY\005-md4 c:\programdata\KghaixG\RkbltqY\005-md5 c:\programdata\KghaixG\RkbltqY\007-md1 c:\programdata\KghaixG\RkbltqY\007-md2 c:\programdata\KghaixG\RkbltqY\007-md3 c:\programdata\KghaixG\RkbltqY\007-md4 c:\programdata\KghaixG\RkbltqY\007-md5 c:\programdata\KghaixG\RkbltqY\007-md6 c:\programdata\KghaixG\RkbltqY\AovkesD c:\programdata\KghaixG\RkbltqY\BskpeyT c:\programdata\KghaixG\RkbltqY\CmaqqeX c:\programdata\KghaixG\RkbltqY\EedwtlP c:\programdata\KghaixG\RkbltqY\GkaitmB c:\programdata\KghaixG\RkbltqY\LhhimnQ c:\programdata\KghaixG\RkbltqY\md1-02-md1 c:\programdata\KghaixG\RkbltqY\md1.bmp c:\programdata\KghaixG\RkbltqY\md2-02-md2 c:\programdata\KghaixG\RkbltqY\md2.bmp c:\programdata\KghaixG\RkbltqY\md3-02-md3 c:\programdata\KghaixG\RkbltqY\md3.bmp c:\programdata\KghaixG\RkbltqY\md4-02-md4 c:\programdata\KghaixG\RkbltqY\md4.bmp c:\programdata\KghaixG\RkbltqY\md5-02-md5 c:\programdata\KghaixG\RkbltqY\md5.bmp c:\programdata\KghaixG\RkbltqY\md6.bmp c:\programdata\KghaixG\RkbltqY\RgphdiC c:\programdata\KghaixG\RkbltqY\UuhiqgX c:\programdata\KghaixG\RkbltqY\WrcenrC c:\programdata\KghaixG\RkbltqY\YyybqmH c:\programdata\mSzs5qRVsQg9.cpl c:\programdata\WLSetup c:\programdata\XP5M3KXJL.cpl c:\users\Peter\WINDOWS c:\windows\SysWow64\office.exe . . ((((((((((((((((((((((((( Files Created from 2013-01-08 to 2013-02-08 ))))))))))))))))))))))))))))))) . . 2013-02-08 16:11 . 2013-02-08 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-08 14:31 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2DA1267-547F-4152-A478-4FC1ACFD66AC}\mpengine.dll 2013-01-21 00:53 . 2013-01-21 00:53 -------- d-----w- c:\users\Peter\AppData\Local\Remove_Empty_Directories 2013-01-21 00:52 . 2013-01-21 00:52 -------- d-----w- c:\program files (x86)\Remove Empty Directories 2013-01-19 20:11 . 2013-01-19 20:11 -------- d-----w- c:\program files\LizardTech 2013-01-17 14:29 . 2013-01-17 14:29 -------- d-----w- c:\users\Peter\AppData\Local\Programs 2013-01-15 15:25 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll 2013-01-13 18:43 . 2013-01-13 18:43 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 2013-01-13 18:43 . 2013-01-13 18:51 -------- d-----w- c:\users\Peter\AppData\Roaming\ChaosPro 4.0 2013-01-13 18:43 . 2013-01-13 18:46 -------- d-----w- c:\program files (x86)\ChaosPro 4.0 2013-01-11 03:47 . 2013-01-11 03:47 -------- d-----w- c:\windows\SysWow64\Fireplace by PES dir 2013-01-11 03:47 . 2013-01-11 03:47 520192 ----a-w- c:\windows\SysWow64\Fireplace by PES.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 00:48 . 2012-05-23 00:03 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 00:48 . 2012-03-12 02:49 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 06:28 . 2011-06-01 17:26 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 21:56 . 2012-06-21 21:56 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-15 21:56 . 2011-06-01 13:05 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-10 05:46 . 2011-06-01 18:32 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-21 05:41 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 05:41 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 05:41 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 21:49 . 2011-06-01 12:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-07 13:20 . 2013-01-09 12:54 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 12:54 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 12:54 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 12:54 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 12:54 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 12:54 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 12:54 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 12:54 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 12:54 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 12:54 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 12:54 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 12:54 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 12:54 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 12:54 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 12:54 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 12:54 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 12:54 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 12:54 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 12:54 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 12:54 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 12:54 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 12:54 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 12:54 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 12:54 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 12:54 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 12:54 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 12:54 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 12:54 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 12:54 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 12:54 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 12:54 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:45 . 2013-01-09 12:54 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-11-30 05:43 . 2013-01-09 12:54 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-11-30 05:41 . 2013-01-09 12:54 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 05:41 . 2013-01-09 12:54 1161216 ----a-w- c:\windows\system32\kernel32.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 05:38 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 04:54 . 2013-01-09 12:54 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-11-30 04:53 . 2013-01-09 12:54 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 12:54 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 12:54 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-13 1354736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512] . c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2010-01-19 23536] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-01-31 13:51 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 00:48] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 04:02] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000Core.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2948383268-4287108767-1354885317-1000UA.job - c:\users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-21 01:33] . 2013-02-07 c:\windows\Tasks\HPCeeScheduleForPeter.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.254 192.168.0.1 FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\ FF - prefs.js: browser.startup.homepage - google.ca FF - ExtSQL: 2013-01-14 23:51; {b749fc7c-e949-447f-926c-3f4eed6accfe}; c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF - ExtSQL: 2013-02-03 10:59; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AegocuH - c:\programdata\KghaixG\IuevfhT\AegocuH.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Fireplace by PES - c:\windows\system32\Fireplace by PES.scr AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe AddRemove-JScreenFix - c:\windows\system32\javaws.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0] "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*] "value"="?\06\03\01\0c\1d2?" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-02-08 11:13:56 ComboFix-quarantined-files.txt 2013-02-08 16:13 . Pre-Run: 569,415,462,912 bytes free Post-Run: 572,195,954,688 bytes free . - - End Of File - - 374C4E26B928C5249115935A4903B950
  7. Hello, I have tried several times to erase Malware.Trace using Malwarebytes, but it reappears every time I reboot. Here are my dds log files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_39 Run by Peter at 22:15:14 on 2013-02-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6143.4684 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files (x86)\Steam\Steam.exe C:\ProgramData\KghaixG\IuevfhT\AegocuH.exe C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe C:\Program Files (x86)\Vuze\Azureus.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.ca/ uSearch Bar = hxxp://www.google.com/ie uSearch Page = hxxp://www.google.com uDefault_Page_URL = hxxp://www.dell.ca/myway mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [Google Update] "C:\Users\Peter\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [AegocuH] c:\ProgramData\KghaixG\IuevfhT\AegocuH.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Free YouTube to MP3 Converter - C:\Users\Peter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://biz.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab TCP: NameServer = 192.168.1.254 192.168.0.1 TCP: Interfaces\{EE8C4E38-A28F-4B3D-9470-2A76FE4F3598} : DHCPNameServer = 192.168.1.254 192.168.0.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\ FF - prefs.js: browser.startup.homepage - google.ca FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Users\Peter\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-01-14 23:51; {b749fc7c-e949-447f-926c-3f4eed6accfe}; C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\mrjyhhsz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi FF - ExtSQL: 2013-02-03 10:59; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-31 202752] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-28 398184] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-6-1 24176] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 346144] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-28 682344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2010-1-19 23536] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-2 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736] S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-10-5 109064] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-1 1255736] . =============== Created Last 30 ================ . 2013-02-05 15:35:57 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E467CD64-2712-462D-809C-60DB415F067A}\offreg.dll 2013-02-05 14:26:31 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E467CD64-2712-462D-809C-60DB415F067A}\mpengine.dll 2013-01-21 00:53:47 -------- d-----w- C:\Users\Peter\AppData\Local\Remove_Empty_Directories 2013-01-21 00:52:48 -------- d-----w- C:\Program Files (x86)\Remove Empty Directories 2013-01-21 00:52:19 -------- d-----w- C:\Users\Peter\AppData\Local\Wajam 2013-01-21 00:52:18 -------- d-----w- C:\Program Files (x86)\Wajam 2013-01-19 20:11:50 -------- d-----w- C:\Program Files\LizardTech 2013-01-17 14:29:41 -------- d-----w- C:\Users\Peter\AppData\Local\Programs 2013-01-13 18:43:12 -------- d-----w- C:\Users\Peter\AppData\Roaming\ChaosPro 2013-01-13 18:43:05 -------- d-----w- C:\Users\Peter\AppData\Roaming\ChaosPro 4.0 2013-01-13 18:43:05 -------- d-----w- C:\Program Files (x86)\ChaosPro 4.0 2013-01-11 03:47:30 520192 ----a-w- C:\Windows\SysWow64\Fireplace by PES.scr 2013-01-11 03:47:30 -------- d-----w- C:\Windows\SysWow64\Fireplace by PES dir . ==================== Find3M ==================== . 2013-02-08 00:48:34 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 00:48:34 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe 2013-01-15 21:56:10 477616 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-01-15 21:56:07 473520 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-13 20:29:04 354216 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 22:16:07.59 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 31/05/2011 8:44:04 PM System Uptime: 07/02/2013 12:34:19 PM (10 hours ago) . Motherboard: PEGATRON CORPORATION | | 2A94 Processor: Intel® Core2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 1999/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 920 GiB total, 530.707 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.385 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP191: 22/01/2013 9:08:09 AM - Windows Update RP192: 29/01/2013 9:40:31 AM - Windows Update RP193: 31/01/2013 11:45:01 PM - Installed DirectX RP194: 03/02/2013 10:58:07 AM - Installed Java 6 Update 39 RP195: 05/02/2013 9:25:13 AM - Windows Update . ==== Installed Programs ====================== . AaAaAA!!! - A Reckless Disregard for Gravity AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.5) Adobe Shockwave Player 11.6 AES Crypt Agatha Christie - Death on the Nile Amnesia: The Dark Descent And Yet It Moves Antichamber Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager Atom Zombie Smasher Audacity 1.3.13 (Unicode) Audiosurf Avidemux 2.5 Bastion Batman: Arkham Asylum GOTY Edition Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 Bonjour Braid Bus Driver Castle Crashers Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish ChaosPro Chuzzle Deluxe Cisco Connect Cogs Combined Community Codec Pack 2010-10-10 Comical 0.8 Compatibility Pack for the 2007 Office system Crayon Physics Deluxe CyberLink DVD Suite Deluxe D3DX10 Dear Esther DivX Setup Dora's Carnival Adventure Dota 2 Dropbox DVD Menu Pack for HP MediaSmart Video Eraser 6.0.10.2620 Escape Rosecliff Island Faerie Solitaire FATE Fireplace by PES Screen Saver Fractal Fraps Free Audio CD Burner version 1.4.8 Free YouTube to MP3 Converter version 3.11.34.1015 Full Tilt Poker Gambit gedit 2.30.1 GIMP 2.6.12-2 Google Chrome Google Talk Plugin Google Update Helper GPL Ghostscript Hammerfight Hardware Diagnostic Tools Hewlett-Packard ACLM.NET v1.1.1.0 HP Advisor HP Customer Experience Enhancements HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart SmartMenu HP MediaSmart Video HP Odometer HP Setup HP Support Assistant HP Support Information HP Update HydraVision iTunes Java Auto Updater Java 6 Update 39 Jewel Quest 3 JScreenFix KLatexFormula 3.2.4 L.A. Noire: The Complete Edition LabelPrint LAME v3.98.3 for Audacity LightScribe System Software LIMBO LizardTech DjVu Control (autoinstall) LPSolve IDE 5.5.2.0 Machinarium Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft LifeChat Microsoft Office Home and Student 60 day trial Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Works Microsoft XNA Framework Redistributable 3.1 MiKTeX 2.9 Mirror's Edge Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 18.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) My Game Long Name Norton Online Backup Notepad++ NVIDIA PhysX office Convert Pdf to Jpg Jpeg Tiff Free 6.5 OpenAL OpenOffice.org 3.3 Osmos PDFCreator pdfsam Penguins! PhotoNow! Pidgin Plants vs. Zombies Plants vs. Zombies: Game of the Year PlayReady PC Runtime amd64 Poker Superstars III PokerStars Polar Bowler Polar Golfer Portal Portal 2 Power2Go PowerDirector Psychonauts Python 3.2.3 Q.U.B.E. QuickTime Rampant Logic Postscript Viewer 1.1 Realtek High Definition Audio Driver Recovery Manager Remove Empty Directories version 2.2 Revenge of the Titans Rockstar Games Social Club Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) SEGA Genesis & Mega Drive Classics Skype Click to Call Skype™ 5.10 Sonic Generations Steam Steel Storm: Burning Retribution Super Meat Boy v1.5 Superbrothers: Sword & Sworcery EP swMSM TeXworks 0.4.3 The Binding Of Isaac The Photographer's Ephemeris To the Moon Trine Trine 2 Uninstall 1.0.0.1 Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VC80CRTRedist - 8.0.50727.6195 Ventrilo Client Virtual Families Virtual Villagers - The Secret City VLC media player 1.1.9 Vuze VVVVVV Wajam Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Player Firefox Plugin WinRAR 4.01 (64-bit) WinSCP 4.3.5 World of Goo Yahoo! Detect Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 05/02/2013 6:21:44 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.