
Google Search Redirect Virus Help



Hello.

I have a redirect virus that I cannot seem to resolve. Would someone be able to help me with some suggestions?

I have run: Malwarebytes, SuperAntiSpyware, and TDSSKiller. I had some viruses that were removed and TDSSKiller did not indicate any viruses.

Thank you very much.

Blessings!

Pat


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

 

 

 

 

I need to get some reports to get a base to start from so I need you to run these programs first.

 

-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

 

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop: Link1, Link2, Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo

 

 


Hello Gringo.

Here is the log from Security Check

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

CloudCare

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

McAfee SiteAdvisor

Malwarebytes Anti-Malware version 1.70.0.1100

JavaFX 2.1.0

Java 7 Update 4

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````


Here is the Attach.txt file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/18/2011 10:40:24 PM

System Uptime: 1/8/2013 6:25:45 AM (13 hours ago)

.

Motherboard: LENOVO | | KL3

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 653 GiB total, 426.835 GiB free.

D: is FIXED (NTFS) - 31 GiB total, 28.554 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&32957CDB&0&00AA702F3736_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\8&32957CDB&0&00AA702F3736_C00000000

Service:

.

==== System Restore Points ===================

.

RP181: 12/17/2012 3:00:12 AM - Windows Update

RP182: 12/18/2012 3:00:12 AM - Windows Update

RP183: 12/21/2012 9:29:04 AM - Windows Update

RP184: 12/22/2012 3:00:11 AM - Windows Update

RP185: 12/25/2012 8:06:55 AM - Windows Update

RP186: 12/28/2012 4:46:13 PM - Windows Update

RP187: 12/29/2012 12:18:56 PM - Removed Facebook Video Calling 1.2.0.287

RP188: 1/1/2013 2:40:07 AM - Windows Update

RP190: 1/1/2013 9:55:56 PM - Install LG UNITED Drivers

RP191: 1/4/2013 11:46:18 AM - Windows Update

.

==== Installed Programs ======================

.

Sansa Media Converter

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

Audacity 2.0.2

Bonjour

Broadcom Gigabit NetLink Controller

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco WebEx Meetings

CloudCare

Coupon Printer for Windows

CyberLink YouCam

D3DX10

Energy Management

Facebook Video Calling 1.0.0.8953

Freemake Video Downloader

GoToAssist Corporate

GoToMeeting 4.8.0.723

HP Photosmart 7520 series Basic Device Software

Intel® Management Engine Components

Intel® Rapid Storage Technology

iTunes

Java Auto Updater

Java 7 Update 4

JavaFX 2.1.0

JMicron Flash Media Controller Driver

Junk Mail filter update

LAME v3.99.3 (for Windows)

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo DirectShare

Lenovo EasyCamera

Lenovo Games Console

Lenovo MuteSync

Lenovo OneKey Recovery

Lenovo SlideNav

Lenovo Smile Dock

Lenovo SplitScreen

Lexmark Printable Web

Lexmark S600 Series

Lexmark Toolbar

LG Verizon United Drivers

Macrium Reflect Free Edition

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

McAfee SiteAdvisor

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Forefront UAG endpoint components v4.0.0

Microsoft IntelliPoint 8.2

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Oasis2Service 1.0

Octoshape Streaming Services

Onekey Theater

ooVoo

Power2Go

QuickTime

Realtek HDMI Audio Driver for ATI

Realtek High Definition Audio Driver

Sansa Updater

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

SUPERAntiSpyware

Synaptics Pointing Device Driver

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client

VeriFace

WebEx Recorder and Player

West Point Bridge Designer 2011 (2nd Edition) (remove only)

West Point Bridge Designer 2012 (2nd Edition) (remove only)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 17.0

YTD Video Downloader 3.9.6

.

==== Event Viewer Messages From Past Week ========

.

1/8/2013 7:30:32 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

1/8/2013 7:21:50 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

1/8/2013 7:21:50 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

1/8/2013 12:15:11 AM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

1/8/2013 12:15:11 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

1/8/2013 12:15:10 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

1/8/2013 12:15:04 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

1/7/2013 10:35:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

1/7/2013 10:35:23 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

1/5/2013 2:34:20 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MfeFire. This service might not be installed.

1/5/2013 2:34:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010513-21184-01.

1/3/2013 12:08:24 AM, Error: Service Control Manager [7034] - The CloudCare service terminated unexpectedly. It has done this 1 time(s).

1/1/2013 7:52:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x000000000000000b, 0x0000000000000002, 0x0000000000000000, 0xfffff8800583d5e7). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010113-24008-01.

.

==== End Of File ===========================


Here is the DDS.txt file

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1

Run by Home at 19:22:19 on 2013-01-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5878 [GMT -6:00]

.

AV: CloudCare *Disabled/Updated* {BABEE769-087B-572E-AD62-21FF46C86F61}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: CloudCare AntiSpyware *Disabled/Updated* {01DF068D-2E41-58A0-97D2-1A8D3D4F25DC}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\atieclxx.exe

C:\windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Bsecure\InetCtrl.exe

C:\Program Files (x86)\Bsecure\BsecAV.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

C:\windows\system32\lxedcoms.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Bsecure\BSecAMX.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe

C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\windows\SysWOW64\rundll32.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe

C:\Program Files (x86)\Bsecure\BsecTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\windows\splwow64.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.foxnews.com/

uSearch Bar = Preserve

mStart Page = hxxp://lenovo.msn.com

uProxyServer = 127.0.0.1:9666

uProxyOverride = 127.0.0.1;*.local

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

mWinlogon: Userinit = userinit.exe,

BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll

TB: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} -

uRun: [Octoshape Streaming Services] "C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [sansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28G2B0MC05XX:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1

uRun: [Citrix] rundll32 "C:\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll",DllRegisterServerW

uRun: [bdprmf] rundll32.exe "C:\Users\Home\AppData\Roaming\bdprmf.dll",TruncateLog

mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe

mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"

mRun: [uCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"

mRun: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://dwa.deluxe.com/InternalSite/WhlCompMgr.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F} : DHCPNameServer = 61.13.0.10 61.13.0.99

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mStart Page = hxxp://lenovo.msn.com

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [synBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [lxedmon.exe] "C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

.

============= SERVICES / DRIVERS ===============

.

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]

R2 Bsecure;CloudCare;C:\Program Files (x86)\Bsecure\InetCtrl.exe [2011-6-19 66344]

R2 BsecureAV;CloudCare AntiVirus;C:\Program Files (x86)\Bsecure\BsecAV.exe [2011-6-19 161776]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-2-15 76288]

R2 lxed_device;lxed_device;C:\windows\System32\lxedcoms.exe -service --> C:\windows\System32\lxedcoms.exe -service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-24 682344]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-8-22 103472]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-10-31 301760]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]

R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-6-20 150928]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]

R3 BSecACFltr;BSecACFltr;C:\windows\System32\drivers\BSecACFltr.sys [2011-9-17 22832]

R3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-6-24 24176]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-6-20 468368]

S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-6-20 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]

S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 ToolkitDisk;ToolkitDisk;C:\windows\System32\drivers\toolkitdisk.sys [2012-3-17 62552]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-9-2 229456]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-01-08 01:55:43 -------- d-----w- C:\Users\Home\AppData\Local\Programs

2013-01-08 00:16:04 -------- d-sh--w- C:\windows\System32\%APPDATA%

2013-01-08 00:06:09 -------- d-----w- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7

2013-01-08 00:04:55 174592 ----a-w- C:\Users\Home\AppData\Roaming\bdprmf.dll

2013-01-04 17:47:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5040281E-7AA9-48A1-A379-7ED8CCB2DFA7}\mpengine.dll

2013-01-03 13:13:48 741480 ------w- C:\windows\System32\HPDiscoPMBC11.dll

2013-01-03 13:13:38 -------- d-----w- C:\Program Files\HP

2013-01-03 13:13:38 -------- d-----w- C:\Program Files (x86)\HP

2013-01-03 13:13:22 -------- d-----w- C:\Users\Home\AppData\Local\HP

2013-01-03 05:41:51 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2013-01-02 09:56:13 -------- d-----w- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}

2013-01-02 03:56:41 -------- d-----w- C:\LGMobileUpgrade

2013-01-02 03:55:50 -------- d-----w- C:\Program Files (x86)\LG Electronics

2013-01-02 03:49:57 98304 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll

2013-01-02 03:49:57 5275648 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.7.1.msi

2013-01-02 03:49:57 24576 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll

2013-01-02 03:49:52 1347584 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe

2013-01-02 03:49:44 90112 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGUTchkdl.dll

2013-01-02 03:49:44 24576 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGEUSBAutorun.dll

2012-12-29 18:51:01 -------- d-----w- C:\Program Files (x86)\Audacity

2012-12-25 20:56:46 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys

2012-12-25 20:56:25 -------- d-----w- C:\Program Files\iPod

2012-12-25 20:56:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-12-25 20:56:24 -------- d-----w- C:\Program Files\iTunes

2012-12-25 20:56:24 -------- d-----w- C:\Program Files (x86)\iTunes

2012-12-23 04:10:34 -------- d-----w- C:\Program Files (x86)\Amazon

2012-12-22 09:00:31 46080 ----a-w- C:\windows\System32\atmlib.dll

2012-12-22 09:00:31 367616 ----a-w- C:\windows\System32\atmfd.dll

2012-12-22 09:00:31 34304 ----a-w- C:\windows\SysWow64\atmlib.dll

2012-12-22 09:00:30 295424 ----a-w- C:\windows\SysWow64\atmfd.dll

2012-12-17 04:13:13 16363960 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-17 03:21:42 478208 ----a-w- C:\windows\System32\dpnet.dll

2012-12-17 03:21:42 376832 ----a-w- C:\windows\SysWow64\dpnet.dll

2012-12-10 19:52:00 -------- d-----w- C:\Users\Home\AppData\Local\CyberLink

.

==================== Find3M ====================

.

2012-12-17 04:13:18 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-17 04:13:18 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-12-14 22:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-12 12:28:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-10-31 20:38:44 13504 ----a-w- C:\windows\System32\drivers\PSVolAcc.sys

2012-10-31 20:38:18 57024 ----a-w- C:\windows\System32\drivers\psmounterex.sys

2012-10-27 06:26:55 981504 ----a-w- C:\windows\SysWow64\wininet.dll

2012-10-27 05:51:21 1188864 ----a-w- C:\windows\System32\wininet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll

.

============= FINISH: 19:22:51.67 ===============


  • Staff

 

Hello

 

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

 

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


Hello.

Here is the AdwCleaner.txt

# AdwCleaner v2.105 - Logfile created 01/08/2013 at 22:29:57

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Home - HOME-PC

# Boot Mode : Normal

# Running from : C:\Users\Home\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Admin\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\Home\AppData\Local\APN

Folder Deleted : C:\Users\Home\AppData\Local\TempDir

Folder Deleted : C:\Users\Home\AppData\LocalLow\AskToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj

Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\prefs.js

C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\d1malkfy.default\prefs.js

[OK] File is clean.

File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qg46kkuz.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bce285f5d-25db-4a46-af5f-a2c88508e987%[...]

File : C:\Users\jodan\AppData\Roaming\Mozilla\Firefox\Profiles\8e24xnbv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"apps_promo_counter":11,"browser":{"clear_lso_data_enabled":true,"window_placement":{"bottom":709,"[...]

File : C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [4277 octets] - [08/01/2013 22:29:57]

########## EOF - C:\AdwCleaner[s1].txt - [4337 octets] ##########


Here is the RKreport.txt. Thanks.

RogueKiller V8.4.3 [Jan 8 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Home [Admin rights]

Mode : Remove -- Date : 01/08/2013 22:38:55

¤¤¤ Bad processes : 2 ¤¤¤

[sUSP PATH] FreemakeUtilsService.exe -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]

[sUSP PATH] SansaDispatch.exe -- C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED

[TASK][ROGUE ST] 4574 : wscript.exe C:\Users\Home\AppData\Local\Temp\launchie.vbs //B -> DELETED

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> NOT REMOVED, USE PROXYFIX

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\shell32.dll)

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++

--- User ---

[MBR] 287b2b09d321953dfd398492aa1f0023

[bSP] ae6f066611dbbe12f7d9a41a78f5bd42 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 668670 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1369847808 | Size: 31425 Mo

3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_01082013_02d2238.txt >>

RKreport[1]_S_01082013_02d2238.txt ; RKreport[2]_D_01082013_02d2238.txt


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hello.

I am working on turning off the security. Do I need to turn off Bsecure which is a parental control software? The software directs to the Bsecure server and validates the websites to their database of blocked sites. I do not have the security module. But I think I'm only able to uninstall as I don't see a way to disable it.

Thanks again.


Hello.

I ran Combofix and it finished successfully. However, there is no log on the Desktop. Notepad did open up with a log, but I had to do a restart and I was not able to find the log after restart. I searched on the C drive for .txt for today's date and no log.

I am still being redirected to other pages sporadically from search results in IE and Firefox.

Please let me know if you want me to rerun Combofix to get the log or what the next step should be.

Thank you very much.


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTL.txt in your next reply.

Gringo


Hello.

Here is the log from the OTL.exe. Thank you.

OTL logfile created on: 1/11/2013 4:13:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.06% Memory free

15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 653.00 Gb Total Space | 436.96 Gb Free Space | 66.92% Space Free | Partition Type: NTFS

Drive D: | 30.69 Gb Total Space | 28.56 Gb Free Space | 93.06% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()

PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()

PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)

PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe (Lenovo)

PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

PRC - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

PRC - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()

MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddrs.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\iptk.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epoemdll.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epstring.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizres.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizard.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\customui.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epfunct.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\eputil.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\imagutil.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )

SRV:64bit: - (Slidebar Notifier Service) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe (Lenovo)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)

SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (BsecureAV) -- C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)

SRV - (Bsecure) -- C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft ® Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( )

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BsecureFilter) -- C:\Windows\SysNative\drivers\BsecFltr.sys (BSafe Online)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (BSecACFltr) -- C:\Windows\SysNative\drivers\BSecACFltr.sys ()

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)

DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (BsecureFilter) -- C:\Windows\SysWOW64\drivers\BsecFltr.sys (BSafe Online)

DRV - (BSecACFltr) -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes,DefaultScope = {F2123D61-1901-4715-AD98-522EC8BD34A5}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]

[2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions

[2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions

[1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi

[2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml

[2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - homepage: http://www.google.com,homepage_is_newtabpage:false,distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,import_home_page:false,import_bookmarks:false,show_welcome_page:true,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default_for_user:true,ping_delay:-60}

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\

CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)

O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)

O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)

O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F}: DhcpNameServer = 61.13.0.10 61.13.0.99

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 16:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/01/11 10:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/11 10:48:28 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/11 10:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/11 10:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/11 10:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/11 10:36:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/11 10:17:44 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/01/11 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/09 08:00:49 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/01/08 22:45:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2013/01/08 22:45:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2013/01/08 22:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2013/01/08 22:44:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs

[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs

[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs

[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs

[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs

[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs

[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs

[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs

[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs

[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs

[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs

[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs

[2013/01/08 22:44:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll

[2013/01/08 22:44:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll

[2013/01/08 22:44:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll

[2013/01/08 22:44:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll

[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs

[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs

[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs

[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs

[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs

[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs

[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs

[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs

[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs

[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs

[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs

[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs

[2013/01/08 22:44:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2013/01/08 22:44:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2013/01/08 22:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2013/01/08 22:44:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2013/01/08 22:44:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2013/01/08 22:44:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2013/01/08 22:44:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2013/01/08 22:44:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2013/01/08 22:44:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2013/01/08 22:44:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2013/01/08 22:44:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 22:44:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2013/01/08 22:44:19 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe

[2013/01/08 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine

[2013/01/08 19:05:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.com

[2013/01/07 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs

[2013/01/07 18:16:04 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%

[2013/01/07 18:08:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection

[2013/01/07 18:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7

[2013/01/07 17:15:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

[2013/01/03 07:13:48 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\HPDiscoPMBC11.dll

[2013/01/03 07:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2013/01/03 07:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HP

[2013/01/02 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity

[2013/01/02 03:56:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}

[2013/01/01 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG

[2013/01/01 21:56:41 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade

[2013/01/01 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics

[2012/12/29 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Audacity

[2012/12/29 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2012/12/25 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/12/25 14:56:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys

[2012/12/25 14:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012/12/22 03:00:31 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012/12/22 03:00:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012/12/22 03:00:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012/12/22 03:00:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012/12/21 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Jordan Therapy

[2012/12/16 22:13:13 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012/12/16 21:23:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012/12/16 21:23:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/12/16 21:23:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/12/16 21:23:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/12/16 21:23:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/12/16 21:23:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/12/16 21:23:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/12/16 21:21:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll

[2012/12/16 21:21:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll

========== Files - Modified Within 30 Days ==========

[2013/01/11 16:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/01/11 16:10:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/01/11 15:58:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004UA.job

[2013/01/11 15:57:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/11 11:07:14 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/11 10:53:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/01/11 10:53:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2013/01/11 10:17:47 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/01/11 08:41:28 | 000,017,642 | ---- | M] () -- C:\Users\Home\Desktop\combofix.htm

[2013/01/10 19:07:18 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004Core.job

[2013/01/10 13:19:55 | 150,748,948 | ---- | M] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4

[2013/01/09 08:20:14 | 000,291,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/01/09 08:01:17 | 000,741,704 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/09 08:01:17 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/09 08:01:17 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/08 22:08:58 | 000,764,416 | ---- | M] () -- C:\Users\Home\Desktop\RogueKiller.exe

[2013/01/08 22:08:03 | 000,554,087 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe

[2013/01/08 21:31:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/01/08 21:31:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/08 21:31:38 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2013/01/08 20:28:20 | 003,431,843 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv

[2013/01/08 20:26:05 | 001,636,733 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv

[2013/01/08 19:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable

[2013/01/08 19:05:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.com

[2013/01/08 19:04:13 | 000,856,731 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe

[2013/01/08 19:03:47 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe

[2013/01/08 00:29:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe

[2013/01/08 00:27:54 | 002,195,061 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip

[2013/01/07 19:56:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/06 20:40:49 | 015,637,153 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv

[2013/01/06 20:39:10 | 011,219,709 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv

[2013/01/06 20:36:50 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

[2013/01/05 14:33:58 | 541,348,879 | ---- | M] () -- C:\windows\MEMORY.DMP

[2013/01/03 07:13:48 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk

[2013/01/03 07:13:48 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk

[2013/01/03 07:13:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini

[2013/01/03 01:43:15 | 000,040,742 | ---- | M] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf

[2013/01/02 22:33:36 | 171,539,355 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3

[2012/12/29 09:02:14 | 286,396,419 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv

[2012/12/29 07:47:34 | 000,002,866 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012/12/25 14:56:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/22 22:10:35 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2012/12/19 19:01:57 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2012/12/17 13:18:53 | 133,033,834 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv

[2012/12/17 13:18:27 | 141,417,037 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv

[2012/12/17 13:17:42 | 137,378,959 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv

[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/11 10:36:55 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/11 10:36:55 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/11 10:36:55 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/11 10:36:55 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/11 10:36:55 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/01/11 08:41:27 | 000,017,642 | ---- | C] () -- C:\Users\Home\Desktop\combofix.htm

[2013/01/10 13:18:42 | 150,748,948 | ---- | C] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4

[2013/01/08 22:08:54 | 000,764,416 | ---- | C] () -- C:\Users\Home\Desktop\RogueKiller.exe

[2013/01/08 22:08:00 | 000,554,087 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe

[2013/01/08 20:28:16 | 003,431,843 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv

[2013/01/08 20:26:02 | 001,636,733 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv

[2013/01/08 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable

[2013/01/08 19:04:02 | 000,856,731 | ---- | C] () -- C:\Users\Home\Desktop\SecurityCheck.exe

[2013/01/08 19:03:46 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe

[2013/01/08 00:27:47 | 002,195,061 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip

[2013/01/06 20:40:07 | 015,637,153 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv

[2013/01/06 20:38:06 | 011,219,709 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv

[2013/01/03 07:13:48 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk

[2013/01/03 07:13:48 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk

[2013/01/03 07:13:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/01/03 01:43:13 | 000,040,742 | ---- | C] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf

[2013/01/02 22:30:09 | 171,539,355 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3

[2012/12/29 12:51:07 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2012/12/29 07:51:18 | 286,396,419 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv

[2012/12/29 07:47:34 | 000,002,866 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012/12/25 14:56:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/22 22:10:35 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2012/12/19 19:01:57 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2012/12/17 12:56:32 | 133,033,834 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv

[2012/12/17 12:56:06 | 141,417,037 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv

[2012/12/17 12:55:25 | 137,378,959 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv

[2012/10/01 13:19:15 | 000,039,150 | ---- | C] () -- C:\Users\Home\Cash Applications, Journal Entry and modes of remittance.htm

[2012/10/01 13:16:54 | 000,125,149 | ---- | C] () -- C:\Users\Home\AR-process-map.jpg

[2012/08/24 19:05:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/12/24 01:42:35 | 000,000,600 | ---- | C] () -- C:\Users\Home\PUTTY.RND

[2011/11/06 14:23:28 | 000,006,144 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/06 22:25:17 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/09/17 09:17:24 | 000,021,624 | ---- | C] () -- C:\windows\SysWow64\drivers\BSecACFltr.sys

[2011/08/24 10:05:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2011/06/20 16:58:23 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXEDinst.dll

[2011/06/20 16:58:22 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxedinpa.dll

[2011/06/20 16:58:22 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxedcomx.dll

[2011/06/20 16:58:22 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxediesc.dll

[2011/06/20 16:58:22 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxedinsr.dll

[2011/06/20 16:58:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxedjswr.dll

[2011/06/20 16:58:22 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxedcur.dll

[2011/06/20 16:58:21 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxedpmui.dll

[2011/06/20 16:58:21 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxedins.dll

[2011/06/20 16:58:21 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxedinsb.dll

[2011/06/20 16:58:21 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxedcu.dll

[2011/06/20 16:58:21 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxedcub.dll

[2011/06/20 16:58:20 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxedserv.dll

[2011/06/20 16:58:20 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxedusb1.dll

[2011/06/20 16:58:20 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxedlmpm.dll

[2011/06/20 16:58:19 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxedhbn3.dll

[2011/06/20 16:58:19 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcoms.exe

[2011/06/20 16:58:19 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxedih.exe

[2011/06/20 16:58:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomc.dll

[2011/06/20 16:58:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcfg.exe

[2011/06/20 16:58:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomm.dll

[2011/06/20 16:57:33 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXEDsm.dll

[2011/06/20 16:57:33 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXEDsmr.dll

[2011/06/19 11:54:12 | 000,001,230 | RHS- | C] () -- C:\Users\Home\ntuser.pol

[2011/06/19 10:56:14 | 000,743,950 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/05/04 07:48:18 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/05/04 07:39:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2011/05/04 07:39:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2011/05/04 07:38:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2011/05/04 07:27:55 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/05/04 07:22:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


  • Staff

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code

    :OTL
    IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found
    O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5
    [1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo


Hi.

Is everything in the gray box above supposed to be copied? It appears that some of this is an execution log. Or is it just the following:

:Files

ipconfig /flushdns /c

:Commands

[PURITY]

[emptyjava]

[EMPTYFLASH]

[reboot]

Also, I'm assuming that I should run it with the same settings as previously.

Thanks.


This log doesn't look right. The date of the log and the properties show that this is the one that ran 4 hours ago. Should I have deleted the log before I ran this OTL.exe the second time?

OTL logfile created on: 1/11/2013 4:13:57 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.06% Memory free

15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 653.00 Gb Total Space | 436.96 Gb Free Space | 66.92% Space Free | Partition Type: NTFS

Drive D: | 30.69 Gb Total Space | 28.56 Gb Free Space | 93.06% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)

PRC - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()

PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()

PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)

PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe (Lenovo)

PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

PRC - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

PRC - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()

MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()

MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddrs.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\iptk.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epoemdll.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epstring.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizres.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizard.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\customui.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\epfunct.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\eputil.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\imagutil.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll ()

MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )

SRV:64bit: - (Slidebar Notifier Service) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe (Lenovo)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)

SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (BsecureAV) -- C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)

SRV - (Bsecure) -- C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft ® Corporation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)

SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( )

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)

DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BsecureFilter) -- C:\Windows\SysNative\drivers\BsecFltr.sys (BSafe Online)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (BSecACFltr) -- C:\Windows\SysNative\drivers\BSecACFltr.sys ()

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)

DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (BsecureFilter) -- C:\Windows\SysWOW64\drivers\BsecFltr.sys (BSafe Online)

DRV - (BSecACFltr) -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes,DefaultScope = {F2123D61-1901-4715-AD98-522EC8BD34A5}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]

[2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions

[2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions

[1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi

[2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml

[2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - homepage: http://www.google.com,homepage_is_newtabpage:false,distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,import_home_page:false,import_bookmarks:false,show_welcome_page:true,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default_for_user:true,ping_delay:-60}

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\

CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\

O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()

O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)

O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)

O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)

O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F}: DhcpNameServer = 61.13.0.10 61.13.0.99

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/11 16:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/01/11 10:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/11 10:48:28 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/01/11 10:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/01/11 10:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/01/11 10:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/01/11 10:36:50 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/01/11 10:17:44 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/01/11 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/09 08:00:49 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2013/01/08 22:45:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2013/01/08 22:45:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2013/01/08 22:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2013/01/08 22:44:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs

[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs

[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs

[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs

[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs

[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs

[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs

[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs

[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs

[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs

[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs

[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs

[2013/01/08 22:44:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll

[2013/01/08 22:44:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll

[2013/01/08 22:44:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll

[2013/01/08 22:44:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll

[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs

[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs

[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs

[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs

[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs

[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs

[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs

[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs

[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs

[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs

[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs

[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs

[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs

[2013/01/08 22:44:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2013/01/08 22:44:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2013/01/08 22:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2013/01/08 22:44:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2013/01/08 22:44:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2013/01/08 22:44:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2013/01/08 22:44:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2013/01/08 22:44:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2013/01/08 22:44:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2013/01/08 22:44:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2013/01/08 22:44:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/08 22:44:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/08 22:44:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2013/01/08 22:44:19 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe

[2013/01/08 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine

[2013/01/08 19:05:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.com

[2013/01/07 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs

[2013/01/07 18:16:04 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%

[2013/01/07 18:08:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection

[2013/01/07 18:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7

[2013/01/07 17:15:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

[2013/01/03 07:13:48 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\HPDiscoPMBC11.dll

[2013/01/03 07:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP

[2013/01/03 07:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HP

[2013/01/02 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity

[2013/01/02 03:56:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}

[2013/01/01 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG

[2013/01/01 21:56:41 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade

[2013/01/01 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics

[2012/12/29 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Audacity

[2012/12/29 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity

[2012/12/25 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/12/25 14:56:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys

[2012/12/25 14:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012/12/22 03:00:31 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012/12/22 03:00:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012/12/22 03:00:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012/12/22 03:00:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012/12/21 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Jordan Therapy

[2012/12/16 22:13:13 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012/12/16 21:23:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2012/12/16 21:23:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/12/16 21:23:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/12/16 21:23:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/12/16 21:23:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/12/16 21:23:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/12/16 21:23:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/12/16 21:21:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll

[2012/12/16 21:21:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll

========== Files - Modified Within 30 Days ==========

[2013/01/11 16:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/01/11 16:10:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

[2013/01/11 15:58:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004UA.job

[2013/01/11 15:57:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/11 11:07:14 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/11 10:53:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/01/11 10:53:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2013/01/11 10:17:47 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe

[2013/01/11 08:41:28 | 000,017,642 | ---- | M] () -- C:\Users\Home\Desktop\combofix.htm

[2013/01/10 19:07:18 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004Core.job

[2013/01/10 13:19:55 | 150,748,948 | ---- | M] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4

[2013/01/09 08:20:14 | 000,291,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2013/01/09 08:01:17 | 000,741,704 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/01/09 08:01:17 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/01/09 08:01:17 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/08 22:08:58 | 000,764,416 | ---- | M] () -- C:\Users\Home\Desktop\RogueKiller.exe

[2013/01/08 22:08:03 | 000,554,087 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe

[2013/01/08 21:31:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/01/08 21:31:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/08 21:31:38 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2013/01/08 20:28:20 | 003,431,843 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv

[2013/01/08 20:26:05 | 001,636,733 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv

[2013/01/08 19:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable

[2013/01/08 19:05:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.com

[2013/01/08 19:04:13 | 000,856,731 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe

[2013/01/08 19:03:47 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe

[2013/01/08 00:29:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe

[2013/01/08 00:27:54 | 002,195,061 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip

[2013/01/07 19:56:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/06 20:40:49 | 015,637,153 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv

[2013/01/06 20:39:10 | 011,219,709 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv

[2013/01/06 20:36:50 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

[2013/01/05 14:33:58 | 541,348,879 | ---- | M] () -- C:\windows\MEMORY.DMP

[2013/01/03 07:13:48 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk

[2013/01/03 07:13:48 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk

[2013/01/03 07:13:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini

[2013/01/03 01:43:15 | 000,040,742 | ---- | M] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf

[2013/01/02 22:33:36 | 171,539,355 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3

[2012/12/29 09:02:14 | 286,396,419 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv

[2012/12/29 07:47:34 | 000,002,866 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012/12/25 14:56:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/22 22:10:35 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2012/12/19 19:01:57 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2012/12/17 13:18:53 | 133,033,834 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv

[2012/12/17 13:18:27 | 141,417,037 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv

[2012/12/17 13:17:42 | 137,378,959 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv

[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll

[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll

[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll

[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/11 10:36:55 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/01/11 10:36:55 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/01/11 10:36:55 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/01/11 10:36:55 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/01/11 10:36:55 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/01/11 08:41:27 | 000,017,642 | ---- | C] () -- C:\Users\Home\Desktop\combofix.htm

[2013/01/10 13:18:42 | 150,748,948 | ---- | C] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4

[2013/01/08 22:08:54 | 000,764,416 | ---- | C] () -- C:\Users\Home\Desktop\RogueKiller.exe

[2013/01/08 22:08:00 | 000,554,087 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe

[2013/01/08 20:28:16 | 003,431,843 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv

[2013/01/08 20:26:02 | 001,636,733 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv

[2013/01/08 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable

[2013/01/08 19:04:02 | 000,856,731 | ---- | C] () -- C:\Users\Home\Desktop\SecurityCheck.exe

[2013/01/08 19:03:46 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe

[2013/01/08 00:27:47 | 002,195,061 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip

[2013/01/06 20:40:07 | 015,637,153 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv

[2013/01/06 20:38:06 | 011,219,709 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv

[2013/01/03 07:13:48 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk

[2013/01/03 07:13:48 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk

[2013/01/03 07:13:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2013/01/03 01:43:13 | 000,040,742 | ---- | C] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf

[2013/01/02 22:30:09 | 171,539,355 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3

[2012/12/29 12:51:07 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk

[2012/12/29 07:51:18 | 286,396,419 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv

[2012/12/29 07:47:34 | 000,002,866 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js

[2012/12/25 14:56:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/12/22 22:10:35 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk

[2012/12/19 19:01:57 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf

[2012/12/17 12:56:32 | 133,033,834 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv

[2012/12/17 12:56:06 | 141,417,037 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv

[2012/12/17 12:55:25 | 137,378,959 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv

[2012/10/01 13:19:15 | 000,039,150 | ---- | C] () -- C:\Users\Home\Cash Applications, Journal Entry and modes of remittance.htm

[2012/10/01 13:16:54 | 000,125,149 | ---- | C] () -- C:\Users\Home\AR-process-map.jpg

[2012/08/24 19:05:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/12/24 01:42:35 | 000,000,600 | ---- | C] () -- C:\Users\Home\PUTTY.RND

[2011/11/06 14:23:28 | 000,006,144 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/06 22:25:17 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/09/17 09:17:24 | 000,021,624 | ---- | C] () -- C:\windows\SysWow64\drivers\BSecACFltr.sys

[2011/08/24 10:05:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2011/06/20 16:58:23 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXEDinst.dll

[2011/06/20 16:58:22 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxedinpa.dll

[2011/06/20 16:58:22 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxedcomx.dll

[2011/06/20 16:58:22 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxediesc.dll

[2011/06/20 16:58:22 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxedinsr.dll

[2011/06/20 16:58:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxedjswr.dll

[2011/06/20 16:58:22 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxedcur.dll

[2011/06/20 16:58:21 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxedpmui.dll

[2011/06/20 16:58:21 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxedins.dll

[2011/06/20 16:58:21 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxedinsb.dll

[2011/06/20 16:58:21 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxedcu.dll

[2011/06/20 16:58:21 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxedcub.dll

[2011/06/20 16:58:20 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxedserv.dll

[2011/06/20 16:58:20 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxedusb1.dll

[2011/06/20 16:58:20 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxedlmpm.dll

[2011/06/20 16:58:19 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxedhbn3.dll

[2011/06/20 16:58:19 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcoms.exe

[2011/06/20 16:58:19 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxedih.exe

[2011/06/20 16:58:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomc.dll

[2011/06/20 16:58:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcfg.exe

[2011/06/20 16:58:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomm.dll

[2011/06/20 16:57:33 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXEDsm.dll

[2011/06/20 16:57:33 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXEDsmr.dll

[2011/06/19 11:54:12 | 000,001,230 | RHS- | C] () -- C:\Users\Home\ntuser.pol

[2011/06/19 10:56:14 | 000,743,950 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/05/04 07:48:18 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/05/04 07:39:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2011/05/04 07:39:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2011/05/04 07:38:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

[2011/05/04 07:27:55 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/05/04 07:22:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Oh no! I can't access the internet any longer. When the system first restarted I got some message that a Windows service could not be found. The connection diagnosis message is 'windows could not automatically detect this network's proxy settings'. I'll have to find a computer to post the latest log.

This topic is now closed to further replies.