DeliciousLettuce Posted April 1, 2013 Author ID:663693 Share Posted April 1, 2013 ComboFix is scary D:Okay, going to get it now. Link to post Share on other sites More sharing options...
MrCharlie Posted April 1, 2013 ID:663694 Share Posted April 1, 2013 Just follow the instructions and everything will be OK...MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 1, 2013 Author ID:663701 Share Posted April 1, 2013 Posting this mainly to subside my own fear a bit.ComboFix said it needed to 'perform a deeper scan' and it just deleted a file in the Windows folder called 'wininit.ini'The Windows and System32 folders scare me, so I'm mainly asking if that's a normal thing. Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 1, 2013 Author ID:663707 Share Posted April 1, 2013 ComboFix seems to be exhibiting an issue I've had since I got the virus -When restarting/turning off, it gets stuck on Logging off.I can only fix it by holding the power button - is it safe to do so with ComboFix's restart?(Sod's law: I can't tell you what it said before the restart because I was not at the screen at the time) Link to post Share on other sites More sharing options...
MrCharlie Posted April 1, 2013 ID:663708 Share Posted April 1, 2013 Yes or try it in safe mode, MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 1, 2013 Author ID:663711 Share Posted April 1, 2013 Preparing Log Report.It says 'do not run any programs', but my programs that start on startup are still starting.Next post should have the log. Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 1, 2013 Author ID:663719 Share Posted April 1, 2013 20 minutes later, still preparing logs.Is it safe to leave ComboFix doing this overnight? Link to post Share on other sites More sharing options...
MrCharlie Posted April 1, 2013 ID:663758 Share Posted April 1, 2013 Don't let it run that long, it should have produced a log by now, MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663866 Share Posted April 2, 2013 :/I've got the log, anyway.ComboFix 13-04-01.01 - caz 01/04/2013 22:44:52.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.3985 [GMT 1:00]Running from: c:\users\caz\Desktop\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\caz\libmySQL.dllc:\windows\wininit.iniD:\install.exe.----- File Replicators -----.c:\program files (x86)\Git\bin\git.exec:\program files (x86)\Git\libexec\git-core\git-add.exec:\program files (x86)\Git\libexec\git-core\git-annotate.exec:\program files (x86)\Git\libexec\git-core\git-apply.exec:\program files (x86)\Git\libexec\git-core\git-archive.exec:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exec:\program files (x86)\Git\libexec\git-core\git-blame.exec:\program files (x86)\Git\libexec\git-core\git-branch.exec:\program files (x86)\Git\libexec\git-core\git-bundle.exec:\program files (x86)\Git\libexec\git-core\git-cat-file.exec:\program files (x86)\Git\libexec\git-core\git-check-attr.exec:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exec:\program files (x86)\Git\libexec\git-core\git-checkout-index.exec:\program files (x86)\Git\libexec\git-core\git-checkout.exec:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exec:\program files (x86)\Git\libexec\git-core\git-cherry.exec:\program files (x86)\Git\libexec\git-core\git-clean.exec:\program files (x86)\Git\libexec\git-core\git-clone.exec:\program files (x86)\Git\libexec\git-core\git-column.exec:\program files (x86)\Git\libexec\git-core\git-commit-tree.exec:\program files (x86)\Git\libexec\git-core\git-commit.exec:\program files (x86)\Git\libexec\git-core\git-config.exec:\program files (x86)\Git\libexec\git-core\git-count-objects.exec:\program files (x86)\Git\libexec\git-core\git-credential.exec:\program files (x86)\Git\libexec\git-core\git-describe.exec:\program files (x86)\Git\libexec\git-core\git-diff-files.exec:\program files (x86)\Git\libexec\git-core\git-diff-index.exec:\program files (x86)\Git\libexec\git-core\git-diff-tree.exec:\program files (x86)\Git\libexec\git-core\git-diff.exec:\program files (x86)\Git\libexec\git-core\git-fast-export.exec:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exec:\program files (x86)\Git\libexec\git-core\git-fetch.exec:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exec:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exec:\program files (x86)\Git\libexec\git-core\git-format-patch.exec:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exec:\program files (x86)\Git\libexec\git-core\git-fsck.exec:\program files (x86)\Git\libexec\git-core\git-gc.exec:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exec:\program files (x86)\Git\libexec\git-core\git-grep.exec:\program files (x86)\Git\libexec\git-core\git-hash-object.exec:\program files (x86)\Git\libexec\git-core\git-help.exec:\program files (x86)\Git\libexec\git-core\git-index-pack.exec:\program files (x86)\Git\libexec\git-core\git-init-db.exec:\program files (x86)\Git\libexec\git-core\git-init.exec:\program files (x86)\Git\libexec\git-core\git-log.exec:\program files (x86)\Git\libexec\git-core\git-ls-files.exec:\program files (x86)\Git\libexec\git-core\git-ls-remote.exec:\program files (x86)\Git\libexec\git-core\git-ls-tree.exec:\program files (x86)\Git\libexec\git-core\git-mailinfo.exec:\program files (x86)\Git\libexec\git-core\git-mailsplit.exec:\program files (x86)\Git\libexec\git-core\git-merge-base.exec:\program files (x86)\Git\libexec\git-core\git-merge-file.exec:\program files (x86)\Git\libexec\git-core\git-merge-index.exec:\program files (x86)\Git\libexec\git-core\git-merge-ours.exec:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exec:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exec:\program files (x86)\Git\libexec\git-core\git-merge-tree.exec:\program files (x86)\Git\libexec\git-core\git-merge.exec:\program files (x86)\Git\libexec\git-core\git-mktag.exec:\program files (x86)\Git\libexec\git-core\git-mktree.exec:\program files (x86)\Git\libexec\git-core\git-mv.exec:\program files (x86)\Git\libexec\git-core\git-name-rev.exec:\program files (x86)\Git\libexec\git-core\git-notes.exec:\program files (x86)\Git\libexec\git-core\git-pack-objects.exec:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exec:\program files (x86)\Git\libexec\git-core\git-pack-refs.exec:\program files (x86)\Git\libexec\git-core\git-patch-id.exec:\program files (x86)\Git\libexec\git-core\git-peek-remote.exec:\program files (x86)\Git\libexec\git-core\git-prune-packed.exec:\program files (x86)\Git\libexec\git-core\git-prune.exec:\program files (x86)\Git\libexec\git-core\git-push.exec:\program files (x86)\Git\libexec\git-core\git-read-tree.exec:\program files (x86)\Git\libexec\git-core\git-receive-pack.exec:\program files (x86)\Git\libexec\git-core\git-reflog.exec:\program files (x86)\Git\libexec\git-core\git-remote-ext.exec:\program files (x86)\Git\libexec\git-core\git-remote-fd.exec:\program files (x86)\Git\libexec\git-core\git-remote.exec:\program files (x86)\Git\libexec\git-core\git-replace.exec:\program files (x86)\Git\libexec\git-core\git-repo-config.exec:\program files (x86)\Git\libexec\git-core\git-rerere.exec:\program files (x86)\Git\libexec\git-core\git-reset.exec:\program files (x86)\Git\libexec\git-core\git-rev-list.exec:\program files (x86)\Git\libexec\git-core\git-rev-parse.exec:\program files (x86)\Git\libexec\git-core\git-revert.exec:\program files (x86)\Git\libexec\git-core\git-rm.exec:\program files (x86)\Git\libexec\git-core\git-send-pack.exec:\program files (x86)\Git\libexec\git-core\git-shortlog.exec:\program files (x86)\Git\libexec\git-core\git-show-branch.exec:\program files (x86)\Git\libexec\git-core\git-show-ref.exec:\program files (x86)\Git\libexec\git-core\git-show.exec:\program files (x86)\Git\libexec\git-core\git-stage.exec:\program files (x86)\Git\libexec\git-core\git-status.exec:\program files (x86)\Git\libexec\git-core\git-stripspace.exec:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exec:\program files (x86)\Git\libexec\git-core\git-tag.exec:\program files (x86)\Git\libexec\git-core\git-tar-tree.exec:\program files (x86)\Git\libexec\git-core\git-unpack-file.exec:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exec:\program files (x86)\Git\libexec\git-core\git-update-index.exec:\program files (x86)\Git\libexec\git-core\git-update-ref.exec:\program files (x86)\Git\libexec\git-core\git-update-server-info.exec:\program files (x86)\Git\libexec\git-core\git-upload-archive.exec:\program files (x86)\Git\libexec\git-core\git-var.exec:\program files (x86)\Git\libexec\git-core\git-verify-pack.exec:\program files (x86)\Git\libexec\git-core\git-verify-tag.exec:\program files (x86)\Git\libexec\git-core\git-whatchanged.exec:\program files (x86)\Git\libexec\git-core\git-write-tree.exec:\program files (x86)\Git\libexec\git-core\git.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\0fmafmve\k22itn3m.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2cu3n3xj\dlgb1194.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\2t67r8em\534wpo3w.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\3xnahvek\tniqhel8.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\5qp5u7qm\9ii14vqa.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\5ssjbd2a\r2y8dqsu.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\5xsbspkr\ht8honje.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\6sm4zoka\h0tmea85.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\9mclxtkp\3jglgcb7.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\9qcagzqv\04quzx9h.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\akp654qi\1ndmxuct.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ankb8i2x\nasati2a.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\bm6tawjz\8o0sxec2.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\cz25j5ej\wu3l1eou.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\cz511wwu\vt1cmj2j.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\dfrmvaok\ozd5ykef.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ezwmo027\bkspu4m5.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ff97vuvh\l0s82d1x.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\hav3ewph\hjvqs8hk.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\hnesps9x\dzccom4h.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\iskj6l6e\ut7wzljm.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\j8k4hvhp\bs0ycmmx.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\k874seg2\7q8qep5n.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ku1noyy8\emezndt9.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\mj2n54bl\7fghyt6r.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\mql93reh\r9o6xlo3.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\nuyc86dv\a7rxjcdr.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\o23s9eq3\jyxxtf48.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\ovtu27r7\n2id3bxn.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\q8tvfqgg\6jx67t6p.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\qnd759m2\wgk7ltrb.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\qw2v4y8n\oemkp89i.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\r17lwxf2\5d7pjn8r.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\s0dyy5q2\f8s27szi.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\sc2sxg67\1bwmzbee.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\swqyqbbr\y8leh88h.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\t6pay7bp\03v33dc8.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\vr1cqwq8\hzmiwnvd.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\w8nljhpt\e79k0rah.exec:\users\caz\AppData\LocalLow\Microsoft\Windows Live\Setup\tmp\zg5dtewd\ibbxh6nl.exe..((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))..2013-04-01 22:02 . 2013-04-01 22:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp2013-04-01 22:02 . 2013-04-01 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-29 11:06 . 2013-03-29 11:06 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll2013-03-29 11:05 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm2013-03-29 10:53 . 2013-04-01 10:01 -------- d-----w- c:\programdata\MagnniPic2013-03-29 10:52 . 2013-03-29 10:52 -------- d-----w- c:\program files (x86)\Industriya2013-03-29 10:52 . 2013-03-29 10:52 -------- d-----w- c:\users\caz\AppData\Roaming\Industriya2013-03-18 20:04 . 2013-03-18 20:04 -------- d-----w- c:\programdata\Citrix2013-03-18 20:03 . 2013-03-18 20:03 -------- d-----w- c:\program files (x86)\Common Files\Citrix2013-03-18 20:03 . 2013-03-18 20:03 -------- d-----w- c:\program files (x86)\Citrix2013-03-17 17:26 . 2013-03-17 17:26 -------- d-----w- c:\program files\Virtual Audio Cable2013-03-17 17:26 . 2013-03-17 17:26 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys2013-03-16 19:55 . 2013-03-16 19:55 -------- d-----w- c:\users\caz\AppData\Roaming\Publish Providers2013-03-15 16:34 . 2013-03-15 16:35 -------- d-----w- c:\windows\W7SBC2013-03-15 16:34 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_edit_w7sbc.exe2013-03-15 16:34 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_backup_w7sbc.exe2013-03-15 07:07 . 2013-03-15 07:07 -------- d-----w- c:\users\caz\AppData\Roaming\Rainmeter2013-03-15 07:06 . 2013-03-15 07:06 -------- d-----w- c:\program files\Rainmeter2013-03-13 17:41 . 2013-03-13 17:41 -------- d-----w- c:\programdata\4shared Desktop2013-03-12 19:36 . 2013-03-12 19:36 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-03-11 21:08 . 2013-03-11 21:08 -------- d-----w- c:\users\caz\AppData\Local\fontconfig2013-03-11 21:08 . 2013-03-11 21:12 -------- d-----w- c:\users\caz\.gimp-2.82013-03-11 21:08 . 2013-03-11 21:08 -------- d-----w- c:\users\caz\AppData\Local\gegl-0.22013-03-10 09:58 . 2013-03-10 09:58 -------- d-----w- c:\users\caz\AppData\Local\CRE2013-03-09 18:26 . 2013-03-09 18:26 -------- d-----w- c:\program files (x86)\Free Mouse Auto Clicker...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-04-01 22:19 . 2012-10-11 19:00 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72DE0BBB-598E-4BD0-A2F8-029CC2000881}\offreg.dll2013-03-12 19:36 . 2012-06-25 05:46 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-03-12 19:36 . 2011-05-30 14:58 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-03-02 14:07 . 2013-03-02 14:07 466456 ----a-w- c:\windows\system32\wrap_oal.dll2013-03-02 14:07 . 2013-03-02 14:07 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll2013-03-02 14:07 . 2013-03-02 14:07 122904 ----a-w- c:\windows\system32\OpenAL32.dll2013-03-02 14:07 . 2013-03-02 14:07 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll2013-01-25 19:14 . 2013-01-25 19:14 137421 ----a-w- c:\windows\Dragon's Tale Uninstaller.exe2013-01-22 16:38 . 2007-12-27 22:48 348160 ----a-w- c:\program files (x86)\GUIStudioMDL.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}]2013-03-25 15:14 251288 ----a-w- c:\program files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2012-12-03 19:22 220632 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2012-12-03 19:22 220632 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2012-12-03 19:22 220632 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]@="{C5994560-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]@="{C5994561-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]@="{C5994562-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]@="{C5994563-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]@="{C5994564-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]@="{C5994565-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]@="{C5994566-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]@="{C5994567-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]@="{C5994568-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-29 1631144]"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]"Software Suite SE"="c:\program files (x86)\Packard Bell\Software Suite SE\SoftSuiteSE.exe" [2009-09-29 2275360]"SanDiskSecureAccess_Manager.exe"="c:\users\caz\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-11-21 27306624]"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336].c:\users\caz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Frame.lnk - c:\program files (x86)\Northstar\Photo Frame\Photo Frame.exe [2010-11-4 516688].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"SoftwareSASGeneration"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer4"=wdmaud.drvHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr.[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001"UacDisableNotify"=dword:00000001.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-08-11 1014624]R3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [2011-09-20 183104]R3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [2011-09-20 47168]R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-12-19 146736]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]R3 X6va005;X6va005;c:\users\caz\AppData\Local\Temp\005510F.tmp [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-10 91864]S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-12-19 224048]S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-12-19 130864]S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2012-04-26 1633296]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2013-03-17 66728]S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-12-19 165680]S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]..Contents of the 'Scheduled Tasks' folder.2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 19:36].2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 22:14].2013-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 22:14].2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619801281-2065231745-1524764912-1000Core.job- c:\users\caz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 17:36].2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-619801281-2065231745-1524764912-1000UA.job- c:\users\caz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-17 17:36]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2012-12-03 19:22 244696 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2012-12-03 19:22 244696 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2012-12-03 19:22 244696 ----a-w- c:\users\caz\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]@="{C5994560-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]@="{C5994561-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]@="{C5994562-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]@="{C5994563-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]@="{C5994564-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]@="{C5994565-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]@="{C5994566-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]@="{C5994567-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]@="{C5994568-53D9-4125-87C9-F193FC689CB2}"[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]2011-06-13 10:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-05 11474024]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2012-04-26 1633296]"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208].------- Supplementary Scan -------.uStart Page = hxxp://searchou.com/?id=2a84c2b7000000000000944452e74830uLocal Page = c:\windows\system32\blank.htmmDefault_Page_URL = hxxp://packardbell.msn.commStart Page = hxxp://packardbell.msn.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105Trusted Zone: kongregate.com\wwwTrusted Zone: smallworlds.com\wwwTrusted Zone: xgenstudios.com\wwwTCP: DhcpNameServer = 192.168.1.254 192.168.1.254TCP: Interfaces\{FEFD5D36-3C1A-40CC-A571-452FEF0200D6}: NameServer = 8.8.8.8,8.8.4.4FF - ProfilePath - c:\users\caz\AppData\Roaming\Mozilla\Firefox\Profiles\rt3feasf.default\FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2013-03-10 09:57; {739df940-c5ee-4bab-9d7e-270894ae687a}; c:\users\caz\AppData\Roaming\Mozilla\Firefox\Profiles\rt3feasf.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}FF - ExtSQL: 2013-03-29 09:32; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{51fcf544-34e1-47e6-b661-fbc5280c2e74} - (no file)URLSearchHooks-{ec66d0dc-ad17-4602-af45-ef595565db02} - (no file)Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-JumiController - c:\program files (x86)\Jumi\jumi.exeWow6432Node-HKCU-Run-Predator - c:\program files\Predator2\Predator.exeWow6432Node-HKLM-Run-<NO NAME> - (no file)Toolbar-Locked - (no file)WebBrowser-{EC66D0DC-AD17-4602-AF45-EF595565DB02} - (no file)AddRemove-{F9E7D6C5-02BA-26BE-21A2-7A514AC24790} - c:\progra~3\INSTAL~1\{C35B3~1\Setup.exe...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]"ImagePath"="\??\c:\users\caz\AppData\Local\Temp\005510F.tmp".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\windows\SysWOW64\vmnat.exed:\programming\VIRTUALMACHINE\VIRTUAL stuff\vmware-authd.exec:\windows\SysWOW64\vmnetdhcp.exec:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exec:\program files (x86)\Packard Bell\Software Suite SE\SEDevDetect.exec:\program files (x86)\Citrix\ICA Client\Receiver\Receiver.exec:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exec:\program files (x86)\Citrix\ICA Client\wfcrun32.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\Logitech\LWS\LU\LULnchr.exec:\program files (x86)\Logitech\LWS\LU\LogitechUpdate.exe.**************************************************************************.Completion time: 2013-04-01 23:41:05 - machine was rebootedComboFix-quarantined-files.txt 2013-04-01 22:40.Pre-Run: 35,601,846,272 bytes freePost-Run: 36,286,636,032 bytes free.- - End Of File - - DDA5C5752AE6D74AF5C79804D849CF62 Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663879 Share Posted April 2, 2013 How is it now??? MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663880 Share Posted April 2, 2013 Computer seems to be okay now.A few elements of Control Panel seem to still hate me, for example the Network and Sharing Center takes a while to open up, and it sometimes freezes for no reason.Also, I noticed that Privitize and MagniPic still have a few things on my computer when I was looking around, but they don't seem to be actually doing anything. Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663886 Share Posted April 2, 2013 Those you can delete.Run Security Check and post the log, MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663887 Share Posted April 2, 2013 Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 JavaFX 2.0.3 SDK Java 7 Update 5 Java SE Development Kit 7 Update 3 Java version out of Date! Adobe Flash Player 11.6.602.180 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (15.0) Google Chrome 25.0.1364.172 Google Chrome 26.0.1410.43 ````````Process Check: objlist.exe by Laurent```````` Symantec Norton Online Backup NOBuAgent.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663888 Share Posted April 2, 2013 Antivirus out of date is true, I was actually updating it today. Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663898 Share Posted April 2, 2013 Unless you intentionally installed these, please uninstall them form your add/remove programs:JavaFX 2.1.1JavaFX 2.0.3 SDKJava™ SE Development Kit 7 Update 3Java™ 7 Update 5 <---please update, should be Update 17Java version out of Date! <--------Go to control panel > Java > Update Tab > Update NowUncheck the box to install the Ask toolbar!!! and any other free "stuff".If there's no update tab in Java, uninstall it and Download and install the latest version from HereUncheck the box to install the Ask toolbar!!! and any other free "stuff".Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe.Google Chrome 25.0.1364.172 <--------OLDGoogle Chrome 26.0.1410.43 <----OKYou have old versions of Google Chrome on the system.Please download and run OldChromeRemover.@Windows Vista/Windows 7 users must use “Run As Administrator.”---------------------------------------------------------You have out dated programs on the system which are vulnerable to malware.Please update or uninstall themInfo on doing that can be found in my Preventive Maintenance~~~~~~~~~~~~~~~~~~~~~A little clean up to do....Please Uninstall ComboFix: (if you used it)Press the Windows logo key + R to bring up the "run box"Copy and paste next command in the field:ComboFix /uninstallMake sure there's a space between Combofix and /Then hit enter.This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)---------------------------------Please download OTL from one of the links below: (you may already have OTL on the system)http://oldtimer.geekstogo.com/OTL.exehttp://oldtimer.geekstogo.com/OTL.comhttp://www.itxassoci...T-Tools/OTL.exeSave it to your desktop.Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)Any other programs or logs you can manually delete.IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.-------------------------------Any questions...please post back.If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.Take a look at My Preventive Maintenance to avoid being infected again.Good Luck and Thanks for using the forum, MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663906 Share Posted April 2, 2013 Going through the list now.Things are taking a while to uninstall.Also, just did ComboFix /uninstall and it seems to have started as normal, doing a backup of the registry and then vanishing.Is that normal? :/ Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663908 Share Posted April 2, 2013 No, run the uninstaller:http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXEMrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663913 Share Posted April 2, 2013 On it.I hope that didn't mess anything up :/There's a folder in my C:\ with the Computer icon called 'ComboFix'.Also, uninstalling JavaFX from Control Panel is now saying 'error 1719: The Windows Installer Service could not be accessed.' Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663915 Share Posted April 2, 2013 Just ran the ComboFix uninstaller.It said 'Done', windows gave me a 'Program may not have installed correctly' and ComboFix still seems to be on my desktop. Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663919 Share Posted April 2, 2013 Delete it, MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663922 Share Posted April 2, 2013 It's gone now, as is the folder in my C:\ drive.Also, I can uninstall again, which is good. Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663929 Share Posted April 2, 2013 Trying to install a new version of java after uninstall is just doing nothing :/It says it's running in Task Manager, but it doesn't do anything.Also, OldChromeRemover says 'A device attached to the system is not functioning' Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663931 Share Posted April 2, 2013 Run JavaRa, let me know when you're done with that:http://forums.whatthetech.com/index.php?showtopic=68632MrC Link to post Share on other sites More sharing options...
DeliciousLettuce Posted April 2, 2013 Author ID:663940 Share Posted April 2, 2013 Avast wanted me to restart to update, and after I did that I got Java to install just fine.I also got OldChromeRemover to work. Link to post Share on other sites More sharing options...
MrCharlie Posted April 2, 2013 ID:663951 Share Posted April 2, 2013 Good...MrC Link to post Share on other sites More sharing options...
Recommended Posts