Jump to content

Yet another Whitesmoke infected user


Recommended Posts

Hello.

As a few other members here, I downloaded the video conversion software Super, and ended up with the Whitesmoke toolbar on Firefox, and looks like on Chrome too. I do not see it listed under add/remove programs in Windows, nor does Revo Uninstaller detects it. A Google search brought me to this forum, so I'm kindly asking for any help that would make me get rid of this thing. I'm creating this topic as suggested by the administrators.

Here are my DDS results:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Pixeles Libres at 11:34:25 on 2012-06-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.13610 [GMT -6:00]

.

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.daum.net/

uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s

mWinlogon: Userinit=userinit.exe

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: StartNowToolbarHelper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - StartNow Toolbar Helper

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [<NO NAME>]

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN

StartupFolder: C:\Users\PIXELE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5} : NameServer = 209.18.47.61,209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {6E13D095-45C3-4271-9475-F3B48227DD9F} - StartNow Toolbar Helper

BHO-X64: StartNowToolbarHelper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [(Default)]

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\

FF - prefs.js: browser.search.selectedEngine - WhiteSmoke US Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MDFSYSNT;MacDrive file system driver;C:\Windows\system32\drivers\MDFSYSNT.sys --> C:\Windows\system32\drivers\MDFSYSNT.sys [?]

R0 MDPMGRNT;MacDrive Partition Driver;C:\Windows\system32\DRIVERS\MDPMGRNT.SYS --> C:\Windows\system32\DRIVERS\MDPMGRNT.SYS [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 CBDisk;CBDisk;\??\C:\Windows\system32\drivers\CBDisk.sys --> C:\Windows\system32\drivers\CBDisk.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-1-12 810144]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-10 13336]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 M4LIC;Mediafour M4LIC service;C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-7-20 205312]

R2 MacDrive8Service;MacDrive 8 service;C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-8 149504]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

S2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2012-5-18 563200]

S2 Toolbar Updater Service;Toolbar Updater Service;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-29 257224]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

.

=============== Created Last 30 ================

.

2012-06-21 16:57:09 -------- d-----w- C:\Users\Pixeles Libres\AppData\Local\Macromedia

2012-06-13 15:17:15 -------- d-----w- C:\Program Files (x86)\DefaultTab

2012-06-13 14:34:31 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll

2012-06-13 14:31:39 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-06-13 14:31:14 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-13 14:31:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-13 14:31:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-13 14:31:08 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-06-13 14:31:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-06-13 14:28:21 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-06-13 14:26:28 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-13 14:26:28 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-06-13 14:57:56 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-13 14:57:56 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2006-05-03 18:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 19:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 21:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

2010-01-07 06:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll

.

============= FINISH: 11:34:59.24 ===============

Attatch

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume7

Install Date: 5/11/2011 1:08:04 AM

System Uptime: 6/21/2012 10:48:51 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 PRO

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz | LGA1155 | 1598/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 10.058 GiB free.

D: is FIXED (HFSJ) - 924 GiB total, 65.962 GiB free.

E: is FIXED (HFSJ) - 931 GiB total, 88.521 GiB free.

F: is CDROM ()

H: is Removable

I: is CDROM ()

J: is Removable

K: is Removable

L: is Removable

M: is FIXED (HFSJ) - 931 GiB total, 86.877 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP68: 6/13/2012 8:31:42 AM - Windows Update

RP69: 6/13/2012 8:49:35 AM - Installed ACDSee Pro 5.

.

==== Installed Programs ======================

.

ACDSee Pro 4

ACDSee Pro 5

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5.5 Master Collection

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Story

Adobe Widget Browser

Advertising Center

Apple Application Support

Apple Software Update

AudioShell 1.3.5

AVI ReComp 1.5.3

AviSynth 2.5

CameraBag 1.5

Camtasia Studio 7

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

D3DX10

DefaultTab Chrome

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FormatFactory 2.60

GOM Player

Google Chrome

HydraVision

ImagXpress

Intel® Rapid Storage Technology

IrfanView (remove only)

JMicron JMB36X Driver

K-Lite Codec Pack 7.1.0 (Full)

LightScribe System Software

MagicDisc 2.7.106

marvell 91xx console driver

Menu Templates - Starter Kit

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Morrowind

Mozilla Firefox 13.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero Express Help

Nero Installer

Nero Online Upgrade

Nero StartSmart OEM

NeroExpress

PDF Settings CS5

Pidgin

PxMergeModule

QuickTime

RAR Password Recovery Magic v6.1.1.393

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Snagit 10.0.1

StartNow Toolbar 2.0

SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49

SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51

The KMPlayer (remove only)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VLC media player 2.0.1

VobSub 2.23

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Xilisoft Video Converter Ultimate 6

Xvid 1.3.0

Zip Repair Pro

.

==== Event Viewer Messages From Past Week ========

.

6/21/2012 4:51:35 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

6/21/2012 4:51:07 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

.

==== End Of File ===========================

Thanks in advance.

Link to post
Share on other sites

  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

    [*]Please do not attach logs or use code boxes, just copy and paste the text.

    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

    [*]Please read every post completely before doing anything.

    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

    [*]Please provide feedback about your experience as we go.

    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from
here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Link to post
Share on other sites

Hello, Gringo.

Thank you very much for your willingness to help me. I carefully followed your instructions and there were no problems during the processes. ComboFix rebooted my computer once, and then it gave me the log file. Unfortunately, I still have the damn WhiteSmoke toolbar on Firefox. Except for what I just mentioned, computer seems to behave normally. Here are my my logs:

Security Check

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

ESET NOD32 Antivirus 4.2

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Mozilla Firefox (13.0.1)

Google Chrome 18.0.1025.162

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 10%

````````````````````End of Log``````````````````````

___________________________________________________________________

Combofix Log:

ComboFix 12-06-21.03 - Pixeles Libres 06/22/2012 16:53:48.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14458 [GMT -6:00]

Running from: c:\users\Pixeles Libres\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Resources\images\btn-msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\chevronButton.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\separator.png

c:\program files (x86)\StartNow Toolbar\Resources\images\splitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html

c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css

c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css

c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png

c:\program files (x86)\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_c.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_l.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\hover_r.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_c.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_l.png

c:\program files (x86)\StartNow Toolbar\Resources\toolbarbutton\normal_r.png

c:\program files (x86)\StartNow Toolbar\Resources\update.xml

c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

c:\program files (x86)\StartNow Toolbar\uninstall.dat

c:\users\Pixeles Libres\AppData\Local\assembly\tmp

c:\windows\neoqaz2.dll

c:\windows\SysWow64\avisynth.dll

c:\windows\SysWow64\devil.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Toolbar Updater Service

.

.

((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))

.

.

2012-06-21 18:40 . 2012-06-21 18:40 4126880 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-21 16:57 . 2012-06-21 16:57 -------- d-----w- c:\users\Pixeles Libres\AppData\Local\Macromedia

2012-06-13 15:17 . 2012-06-13 15:17 -------- d-----w- c:\program files (x86)\DefaultTab

2012-06-13 14:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll

2012-06-13 14:31 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-13 14:31 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 14:31 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 14:31 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 14:31 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-13 14:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-13 14:28 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-13 14:26 . 2012-06-13 14:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-13 14:26 . 2012-06-13 14:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-21 18:40 . 2012-04-29 06:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-21 18:40 . 2011-05-22 04:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ACPW05EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-17 822384]

.

c:\users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-21 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]

R3 ALSysIO;ALSysIO;c:\users\PIXELE~1\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 MDFSYSNT;MacDrive file system driver; [x]

S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]

S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 19:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:41]

.

2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job

- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]

.

2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job

- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]

"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]

"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"combofix"="c:\combofix\CF18463.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.daum.net/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62

FF - ProfilePath - c:\users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.032"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.apd"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.arw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bay"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cel"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cs1"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dcx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djvu"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.flc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fli"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fpx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.icn"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ilbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.int"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.inta"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iw4"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2c"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2k"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jbr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jfif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jp2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpe"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpeg"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Jpeg"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpk"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kar"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kdc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.lbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m15"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PotPlayer64.M1A"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PotPlayer64.M2A"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m75"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mef"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mos"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mpv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.nrw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pbr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pcx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pgm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pics"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pix"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ppm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.psp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspbrush"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspimage"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qcp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qtpf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ras"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.raw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgb"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgba"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rsb"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rw2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rwl"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sdv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sfil"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sgi"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smil"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sml"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sr2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.swa"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.thm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tiff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tsdr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ulw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40po"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40pp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40ppf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50po"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50pp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50ppf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.vfw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbmp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

"Progid"="ACDSee Pro 5.xmp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

.

**************************************************************************

.

Completion time: 2012-06-22 17:07:54 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-22 23:07

.

Pre-Run: 13,060,308,992 bytes free

Post-Run: 11,962,896,384 bytes free

.

- - End Of File - - B9DFA5D25B40F121D58634FF7AFF17A1

I hope ComboFix was not our last resource to get rid of that virus/malware. Please let me know what else I can do. Thanks in advance.

Link to post
Share on other sites

  • Staff

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

    [*]Please post the contents of OTL.txt in your next reply.

Gringo

Link to post
Share on other sites

Thanks again, Gringo. Here's the report:

OTL

OTL logfile created on: 6/22/2012 8:02:44 PM - Run 1

OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Pixeles Libres\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.84 Gb Available Physical Memory | 86.60% Memory free

26.39 Gb Paging File | 23.97 Gb Available in Paging File | 90.83% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.43 Gb Total Space | 12.36 Gb Free Space | 16.61% Space Free | Partition Type: NTFS

Drive D: | 923.74 Gb Total Space | 65.96 Gb Free Space | 7.14% Space Free | Partition Type: HFSJ

Drive E: | 931.19 Gb Total Space | 87.99 Gb Free Space | 9.45% Space Free | Partition Type: HFSJ

Drive M: | 931.19 Gb Total Space | 85.28 Gb Free Space | 9.16% Space Free | Partition Type: HFSJ

Computer Name: PIXELESLIBRES | User Name: Pixeles Libres | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pixeles Libres\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()

PRC - C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)

SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (DefaultTabSearch) -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)

DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)

DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)

DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)

DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)

DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)

DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (MDFSYSNT) -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS (Mediafour Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)

DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.net/

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 CA 90 0F E6 34 CC 01 [binary data]

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{6E3BC683-3A17-4DCF-861B-E7556301026C}: "URL" = http://search.daum.net/cgi-bin/nsp/search.cgi?w=tot&nil_ch=MSKR&q={searchTerms}

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E18E798C-0A7E-410C-9C9C-349E0F52DEF7}&mid=924e7ba387c847d0b25fd16fc5f055f5-9a54de853bd847c8b5527f75a6f131027a770287〈=en&ds=gm011&pr=sa&d=2012-04-28 23:08:16&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z065&partner_id=287&product_id=463&affiliate_id=&channel=9007&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110511&user_guid=9582EA84DB6E45EEB9C864E4CE06E7B6&machine_id=f161b0b3be456270032942077fe043df&browser=IE&os=win&os_version=6.1-x64-SP0

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/11 15:45:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/11 18:44:05 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/11 13:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Extensions

[2012/06/21 11:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions

[2012/04/28 23:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/06/13 09:16:40 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

[2012/04/29 00:09:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\firefox@ghostery.com

[2012/06/21 10:55:02 | 000,000,919 | ---- | M] () -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\searchplugins\conduit.xml

[2011/05/11 13:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/05/11 15:27:25 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI

[2012/04/28 23:19:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/06/13 08:26:34 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI

[2012/06/21 12:59:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/28 23:08:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/04/28 23:05:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/28 23:05:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google Search = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: DefaultTab = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\

CHR - Extension: Ghostery = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\

CHR - Extension: Gmail = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/22 17:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 20:00:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe

[2012/06/22 19:57:58 | 000,000,000 | R--D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/06/22 17:35:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/06/22 17:33:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012/06/22 17:07:56 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/22 16:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/22 16:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/22 16:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/22 16:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/22 16:52:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/22 16:40:25 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe

[2012/06/21 12:40:11 | 004,126,880 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/06/21 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{D27F49F9-BE3D-4E4F-B98D-6336B1909080}

[2012/06/21 12:00:04 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{453FB431-1A0F-418B-AF76-C0F23F9E0BD2}

[2012/06/21 11:27:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr

[2012/06/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\Macromedia

[2012/06/13 09:18:04 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll

[2012/06/13 09:18:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2012/06/13 09:18:03 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2012/06/13 09:18:03 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2012/06/13 09:18:03 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2012/06/13 09:18:03 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2012/06/13 09:18:03 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2012/06/13 09:18:02 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2012/06/13 09:18:01 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2012/06/13 09:18:01 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2012/06/13 09:18:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2012/06/13 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab

[2012/06/13 09:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/06/13 08:32:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/06/13 08:32:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/06/13 08:32:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/06/13 08:32:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/06/13 08:32:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/06/13 08:32:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/06/13 08:32:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/06/13 08:32:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/06/13 08:32:18 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/06/13 08:32:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/06/13 08:32:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/06/13 08:32:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/06/13 08:32:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/06/13 08:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/06/13 08:31:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/06/13 08:31:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/06/13 08:31:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/06/13 08:30:57 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/06/13 08:30:56 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2012/06/13 08:30:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/06/13 08:30:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/06/13 08:30:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/06/13 08:30:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/06/13 08:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/06/22 20:05:04 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job

[2012/06/22 20:02:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/22 20:02:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/22 20:01:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe

[2012/06/22 19:57:52 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012/06/22 19:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/22 19:56:52 | 4276,797,438 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/22 17:34:33 | 000,001,374 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk

[2012/06/22 17:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/06/22 16:40:31 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe

[2012/06/22 16:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/22 16:38:37 | 000,881,475 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe

[2012/06/21 12:56:21 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2012/06/21 12:40:41 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/06/21 12:40:40 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/21 12:40:14 | 004,126,880 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/06/21 11:27:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr

[2012/06/21 10:55:32 | 002,296,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/21 10:55:32 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2012/06/21 10:55:32 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/06/21 10:55:32 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/21 10:55:32 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2012/06/21 10:55:32 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/06/21 10:55:32 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/13 09:18:05 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk

[2012/06/13 09:14:53 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/13 09:11:59 | 000,000,993 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\PotPlayer x64.lnk

[2012/06/13 08:56:31 | 004,973,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/13 08:50:27 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk

[2012/06/13 08:09:53 | 000,002,408 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/06/22 17:34:33 | 000,001,374 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk

[2012/06/22 16:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/22 16:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/22 16:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/22 16:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/22 16:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/22 16:38:33 | 000,881,475 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe

[2012/06/13 09:18:03 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2012/06/13 09:18:03 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2012/06/13 09:18:03 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2012/06/13 09:18:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2012/06/13 09:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2012/06/13 09:18:02 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2012/06/13 09:18:01 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2012/06/13 09:18:01 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2012/06/13 09:18:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2012/06/13 09:18:01 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2012/06/13 09:14:53 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/13 08:50:27 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk

[2011/05/11 18:34:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/05/11 13:13:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/05/11 13:13:47 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/05/11 13:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/05/10 18:30:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/05/10 18:30:41 | 000,026,612 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/02/22 13:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/02/22 13:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== Files - Unicode (All) ==========

[2011/11/08 15:09:16 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._

[2011/09/12 11:30:41 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._

========== Alternate Data Streams ==========

@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:8B4F37E5

@Alternate Data Stream - 20 bytes -> C:\Users\Pixeles Libres\Documents\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO:Mac_Metadata

@Alternate Data Stream - 20 bytes -> C:\TheVolumeSettingsFolder:Mac_Metadata

@Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata

@Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata

@Alternate Data Stream - 1330 bytes -> C:\Users\Pixeles Libres\AppData\Local\Temp:GIf3pd5xbNqwedaxFi2fNzfr4zX18

@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >

Link to post
Share on other sites

  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code

    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:8B4F37E5
    @Alternate Data Stream - 20 bytes -> C:\Users\Pixeles Libres\Documents\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO:Mac_Metadata
    @Alternate Data Stream - 20 bytes -> C:\TheVolumeSettingsFolder:Mac_Metadata
    @Alternate Data Stream - 20 bytes -> C:\.Trashes:Mac_Metadata
    @Alternate Data Stream - 20 bytes -> C:\.TemporaryItems:Mac_Metadata
    @Alternate Data Stream - 1330 bytes -> C:\Users\Pixeles Libres\AppData\Local\Temp:GIf3pd5xbNqwedaxFi2fNzfr4zX18
    @Alternate Data Stream - 108 bytes -> C:\Windows:
    IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}: "URL" = http://www.startnow....ion=6.1-x64-SP0
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q="
    [2012/06/13 09:16:40 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    [2012/06/21 10:55:02 | 000,000,919 | ---- | M] () -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\searchplugins\conduit.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Link to post
Share on other sites

Hi, Gringo.

So I ran the script, then it asked me to reboot. I did so, and when Windows was loading up, it seemed to be applying some kind of update. I don't know if it's related to the script or not. Either way, once I logged into Windows, I opened Firefox and the Whitesmoke toolbar was gone. However, I also opened up Chrome, and it still looked strange to me. Looking deeper into it, it turns out there's search bar for mysearchresults.com. A quick google seach tells me this is also another kind of virus/malware/spyware/key-logger. This is very frustrating. I can't believe that downloading an update for a app I've been using for years (Super) would mess up my machine so bad. Anyway, are these two things related? I don't want to abuse your kindness, but Is there something we can do about this too?

Here's the log for the script:

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

ADS C:\ProgramData\TEMP:8B4F37E5 deleted successfully.

ADS C:\Users\Pixeles Libres\Documents\Microsoft.Office.2010.ProfessionalPlus.VL.Edition.x86.and.x64-ZWTiSO:Mac_Metadata deleted successfully.

ADS C:\TheVolumeSettingsFolder:Mac_Metadata deleted successfully.

ADS C:\.Trashes:Mac_Metadata deleted successfully.

ADS C:\.TemporaryItems:Mac_Metadata deleted successfully.

ADS C:\Users\Pixeles Libres\AppData\Local\Temp:GIf3pd5xbNqwedaxFi2fNzfr4zX18 deleted successfully.

Unable to delete ADS C:\Windows: .

Registry key HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA4B13CA-FDBF-E716-8E65-65F1231BD0D7}\ not found.

Prefs.js: "http://search.conduit.com/?ctid=CT3198785&SearchSource=13" removed from browser.startup.homepage

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=" removed from keyword.URL

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui folder moved successfully.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.

C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\searchplugins\conduit.xml moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Pixeles Libres\Desktop\cmd.bat deleted successfully.

C:\Users\Pixeles Libres\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pixeles Libres

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 56502 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Pixeles Libres

->Flash cache emptied: 3131 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.51.0 log created on 06232012_162450

Files\Folders moved on Reboot...

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome scheduled to be moved on reboot.

Folder move failed. C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} scheduled to be moved on reboot.

Registry entries deleted on Reboot...

=============================================================

Thanks again.

Link to post
Share on other sites

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

Link to post
Share on other sites

Hello again.

I followed your instructions, but this time ComboFix did not ask me to reboot, but I did anyways. After the reboot, I opened up Chrome and it still loads the mysearchresults.com homepage :(. I find it odd that I haven't come acorss any authentic discussions about this malware anywhere online. But I'm confident you will find a way to get rid of this evil thing. Thanks again for all your time and efforts, Gringo.

Here's the report:

ComboFix 12-06-21.03 - Pixeles Libres 06/23/2012 19:03:10.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14367 [GMT -6:00]

Running from: c:\users\Pixeles Libres\Desktop\ComboFix.exe

Command switches used :: c:\users\Pixeles Libres\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))

.

.

2012-06-24 01:14 . 2012-06-24 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 22:24 . 2012-06-23 22:24 -------- d-----w- C:\_OTL

2012-06-23 22:22 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 22:22 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 22:22 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 22:22 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 22:22 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 22:22 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 22:22 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 22:21 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 22:21 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-22 23:33 . 2012-06-22 23:33 -------- d-----w- c:\windows\system32\appmgmt

2012-06-21 18:40 . 2012-06-21 18:40 4126880 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-21 16:57 . 2012-06-21 16:57 -------- d-----w- c:\users\Pixeles Libres\AppData\Local\Macromedia

2012-06-13 15:17 . 2012-06-13 15:17 -------- d-----w- c:\program files (x86)\DefaultTab

2012-06-13 14:34 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A209EA0-1699-4C59-B108-C882B9841ABB}\mpengine.dll

2012-06-13 14:31 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-13 14:31 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-13 14:31 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-13 14:31 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-13 14:31 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-06-13 14:31 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-06-13 14:28 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-13 14:26 . 2012-06-13 14:26 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-13 14:26 . 2012-06-13 14:26 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-21 18:40 . 2012-04-29 06:23 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-21 18:40 . 2011-05-22 04:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2006-05-03 18:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 19:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 21:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-07 06:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-22_23.01.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-06-21 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-23 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-06-21 18:40 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-23 22:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-21 18:40 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-23 22:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-05-12 00:39 . 2012-06-24 00:57 69912 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-24 00:57 34790 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-12 00:39 . 2012-06-23 22:29 14658 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525391006-1020723365-2236347363-1000_UserData.bin

+ 2012-06-02 21:19 . 2012-06-02 21:19 79232 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe

+ 2009-07-14 04:46 . 2012-06-24 01:00 87696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-06-24 00:55 . 2012-06-24 00:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-22 22:59 . 2012-06-22 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-24 00:55 . 2012-06-24 00:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-22 22:59 . 2012-06-22 22:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-06-22 22:58 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-23 17:18 473312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2012-06-23 22:27 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-06-22 22:32 5980419 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 02:34 . 2012-06-23 22:25 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2012-06-13 14:53 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2011-05-11 20:02 . 2012-06-23 17:18 16066532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3525391006-1020723365-2236347363-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ACPW05EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-17 822384]

.

c:\users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-5-21 576000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files (x86)\DefaultTab\DefaultTabSearch.exe [2012-05-18 563200]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257696]

R3 ALSysIO;ALSysIO;c:\users\PIXELE~1\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 MDFSYSNT;MacDrive file system driver; [x]

S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [x]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2010-07-20 205312]

S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 149504]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 19:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-29 18:41]

.

2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job

- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]

.

2012-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job

- c:\users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 21:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]

"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 193536]

"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 146432]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.daum.net/

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchURL,(Default) = hxxp://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62

FF - ProfilePath - c:\users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.032"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.apd"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.arw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bay"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.bw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cel"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.cs1"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.dcx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.djvu"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.flc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fli"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.fpx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.icn"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ilbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.int"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.inta"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.iw4"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2c"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.j2k"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jbr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jfif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jp2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpe"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpeg"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Jpeg"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpk"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.jpx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kar"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.kdc"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.lbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m15"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PotPlayer64.M1A"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="PotPlayer64.M2A"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.m75"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mef"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mos"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.mpv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.nrw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pbr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pcx"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pgm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pics"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pix"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ppm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.psp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspbrush"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.pspimage"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qcp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.qtpf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ras"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.raw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgb"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rgba"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rsb"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rw2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.rwl"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sdv"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sfil"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sgi"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.smil"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sml"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.sr2"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.srw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.swa"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.thm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tiff"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tsdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.tsdr"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.ulw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40po"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40pp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.v40ppf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50po"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50pp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50ppf"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.vfw"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.wbmp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xbm"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xif"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-3525391006-1020723365-2236347363-1000)

"Progid"="ACDSee Pro 5.xmp"

.

[HKEY_USERS\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 4.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-23 19:15:43

ComboFix-quarantined-files.txt 2012-06-24 01:15

ComboFix2.txt 2012-06-22 23:07

.

Pre-Run: 12,166,598,656 bytes free

Post-Run: 11,983,736,832 bytes free

.

- - End Of File - - B0AA5CF96890F6C56F6A88E286ECB7D2

Link to post
Share on other sites

I never use IE, so I wouldn't be too sure. Right now it had a Chinese website as homepage and search engine (www.daum.net), but I was able to switch homepage and search engine back to defaults without any conflict. After closing it and opening it again, the defaults are still set and it appears to behave normally. I'm not sure about this, but I think the homepage and search engine were modified on IE when I installed a media player called PotPlayer, since this program was installed in a folder called Daum under Program Files. Still, I would find it odd if a virus or malware would mess up FF and Chrome, and not IE. Anyway, here's the new report:

OTL logfile created on: 6/24/2012 11:15:57 AM - Run 2

OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Pixeles Libres\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 13.85 Gb Available Physical Memory | 86.70% Memory free

25.67 Gb Paging File | 23.29 Gb Available in Paging File | 90.73% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.43 Gb Total Space | 13.06 Gb Free Space | 17.55% Space Free | Partition Type: NTFS

Drive D: | 923.74 Gb Total Space | 66.47 Gb Free Space | 7.20% Space Free | Partition Type: HFSJ

Drive E: | 931.19 Gb Total Space | 87.99 Gb Free Space | 9.45% Space Free | Partition Type: HFSJ

Drive M: | 931.19 Gb Total Space | 81.37 Gb Free Space | 8.74% Space Free | Partition Type: HFSJ

Computer Name: PIXELESLIBRES | User Name: Pixeles Libres | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pixeles Libres\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)

PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()

MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

SRV:64bit: - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)

SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (DefaultTabSearch) -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe ()

SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)

SRV - (M4LIC) -- C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE (Mediafour Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)

DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)

DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)

DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)

DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)

DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)

DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)

DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)

DRV:64bit: - (MDPMGRNT) -- C:\Windows\SysNative\drivers\MDPMGRNT.SYS (Mediafour Corporation)

DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (MDFSYSNT) -- C:\Windows\SysNative\drivers\MDFSYSNT.SYS (Mediafour Corporation)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)

DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (CBDisk) -- C:\Windows\SysNative\drivers\CBDisk.sys (EldoS Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 68 91 C2 2C 52 CD 01 [binary data]

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E18E798C-0A7E-410C-9C9C-349E0F52DEF7}&mid=924e7ba387c847d0b25fd16fc5f055f5-9a54de853bd847c8b5527f75a6f131027a770287〈=en&ds=gm011&pr=sa&d=2012-04-28 23:08:16&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/05/11 15:45:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/05/11 18:44:05 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 12:59:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/05/11 13:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Extensions

[2012/06/23 16:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions

[2012/04/28 23:19:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2012/04/29 00:09:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Pixeles Libres\AppData\Roaming\Mozilla\Firefox\Profiles\ckpncn01.default\extensions\firefox@ghostery.com

[2011/05/11 13:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/05/11 15:27:25 | 000,413,408 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI

[2012/04/28 23:19:28 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/06/13 08:26:34 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\PIXELES LIBRES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CKPNCN01.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI

[2012/06/21 12:59:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/28 23:08:12 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/04/28 23:05:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/28 23:05:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\plugins/npDefaultTabSearch.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Pixeles Libres\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: DefaultTab = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.3_0\

CHR - Extension: Gmail = C:\Users\Pixeles Libres\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/22 17:00:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [ACPW05EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3525391006-1020723365-2236347363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 17:08:24 | 000,000,000 | R--D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/06/23 21:30:56 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/06/23 19:20:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/06/23 19:15:44 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/23 16:24:50 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/06/23 16:22:31 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/23 16:22:31 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/23 16:22:31 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/23 16:22:10 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012/06/23 16:22:10 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012/06/23 16:22:10 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012/06/23 16:21:48 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/23 16:21:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/06/22 20:00:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe

[2012/06/22 17:33:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012/06/22 16:53:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/22 16:53:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/22 16:53:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/22 16:53:12 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/22 16:52:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/22 16:40:25 | 004,565,264 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe

[2012/06/21 12:00:21 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{D27F49F9-BE3D-4E4F-B98D-6336B1909080}

[2012/06/21 12:00:04 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\{453FB431-1A0F-418B-AF76-C0F23F9E0BD2}

[2012/06/21 11:27:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr

[2012/06/21 10:57:09 | 000,000,000 | ---D | C] -- C:\Users\Pixeles Libres\AppData\Local\Macromedia

[2012/06/13 09:18:04 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\drvc.dll

[2012/06/13 09:18:04 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll

[2012/06/13 09:18:03 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax

[2012/06/13 09:18:03 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll

[2012/06/13 09:18:03 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax

[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax

[2012/06/13 09:18:03 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax

[2012/06/13 09:18:03 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax

[2012/06/13 09:18:03 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll

[2012/06/13 09:18:02 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax

[2012/06/13 09:18:01 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax

[2012/06/13 09:18:01 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax

[2012/06/13 09:18:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax

[2012/06/13 09:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab

[2012/06/13 09:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/06/13 08:32:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/06/13 08:32:22 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/06/13 08:32:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/06/13 08:32:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/06/13 08:32:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/06/13 08:32:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/06/13 08:32:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/06/13 08:32:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/06/13 08:32:18 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/06/13 08:32:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/06/13 08:32:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/06/13 08:32:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/06/13 08:32:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/06/13 08:31:14 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/06/13 08:31:09 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/06/13 08:31:08 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/06/13 08:31:08 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/06/13 08:30:57 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/06/13 08:30:56 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2012/06/13 08:30:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/06/13 08:30:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/06/13 08:30:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/06/13 08:30:28 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/06/13 08:30:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

========== Files - Modified Within 30 Days ==========

[2012/06/24 17:08:15 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2012/06/24 17:07:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/24 17:07:36 | 4276,797,438 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/24 11:12:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/24 11:12:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/23 21:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/23 21:35:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job

[2012/06/23 21:35:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job

[2012/06/23 19:40:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/06/23 19:40:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/22 20:01:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Pixeles Libres\Desktop\OTL.exe

[2012/06/22 17:34:33 | 000,001,374 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk

[2012/06/22 17:00:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/06/22 16:40:31 | 004,565,264 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\ComboFix.exe

[2012/06/22 16:38:37 | 000,881,475 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe

[2012/06/21 12:56:21 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2012/06/21 11:27:16 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Pixeles Libres\Desktop\dds.scr

[2012/06/21 10:55:32 | 002,296,112 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/21 10:55:32 | 000,701,608 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2012/06/21 10:55:32 | 000,625,722 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat

[2012/06/21 10:55:32 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/21 10:55:32 | 000,137,212 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2012/06/21 10:55:32 | 000,123,890 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat

[2012/06/21 10:55:32 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/13 09:18:05 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk

[2012/06/13 09:14:53 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/13 09:11:59 | 000,000,993 | ---- | M] () -- C:\Users\Pixeles Libres\Desktop\PotPlayer x64.lnk

[2012/06/13 08:56:31 | 004,973,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/13 08:50:27 | 000,002,847 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk

[2012/06/02 16:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012/06/02 16:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/06/02 16:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/06/02 16:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012/06/02 16:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/06/02 16:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/23 21:30:31 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000UA.job

[2012/06/23 21:30:31 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525391006-1020723365-2236347363-1000Core.job

[2012/06/22 17:34:33 | 000,001,374 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\Snagit 11.lnk

[2012/06/22 16:53:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/22 16:53:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/22 16:53:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/22 16:53:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/22 16:53:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/22 16:38:33 | 000,881,475 | ---- | C] () -- C:\Users\Pixeles Libres\Desktop\SecurityCheck.exe

[2012/06/13 09:18:03 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax

[2012/06/13 09:18:03 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2012/06/13 09:18:03 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax

[2012/06/13 09:18:02 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax

[2012/06/13 09:18:02 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax

[2012/06/13 09:18:02 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax

[2012/06/13 09:18:01 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax

[2012/06/13 09:18:01 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax

[2012/06/13 09:18:01 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax

[2012/06/13 09:18:01 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax

[2012/06/13 09:14:53 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/06/13 08:50:27 | 000,002,847 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Pro 5.lnk

[2011/05/11 18:34:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/05/11 13:13:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2011/05/11 13:13:47 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011/05/11 13:09:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/05/10 18:30:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2011/05/10 18:30:41 | 000,026,612 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/02/22 13:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/02/22 13:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== Files - Unicode (All) ==========

[2011/11/08 15:09:16 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._

[2011/09/12 11:30:41 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Windows:

< End of report >

Link to post
Share on other sites

  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png textbox. Do not include the word Code

    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    @Alternate Data Stream - 108 bytes -> C:\Windows:
    [2011/11/08 15:09:16 | 000,004,096 | -H-- | M] ()(C:\._?) -- C:\._?
    [2011/09/12 11:30:41 | 000,004,096 | -H-- | C] ()(C:\._?) -- C:\._?
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

Link to post
Share on other sites

Hello.

I ran the script but Chrome still brings up the mysearchresults.com (Search Results, LLC) page whenever I open a new tab. Looks like there's nothing I can do about it under Chrome settings either. I did some more research and found two interesting articles about this problem. Here's one, and here's the other one. I don't know if they're legit or not, but the first one gives a method on how to remove it manually. Again, I have not tried it because I don't know if they're for real. Anyway, I thought they might help. What do you think? Thanks so much again, Gringo.

Here's the report from the latest script:

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.

Unable to delete ADS C:\Windows: .

File C:\._? not found.

File C:\._? not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Pixeles Libres\Desktop\cmd.bat deleted successfully.

C:\Users\Pixeles Libres\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pixeles Libres

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Pixeles Libres

->Flash cache emptied: 798 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.51.0 log created on 06262012_164943

Link to post
Share on other sites

Yes sir, that did it. Thank you so much. Now, before I celebrate in joy, let me ask you a novice question: Should I still be concerned about my computer being infected with malware or virus? Was the problem in Chrome just an isolated aftermath of the initial problem, or was it a problem on its own? I just want to be sure that this Chrome extension didn't just fix the problem in a superficial level, leaving the malware or virus laying somewhere in my computer.

Link to post
Share on other sites

  • Staff

Greetings

it was something that was changed by the virus not that the virus is still there

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

  • Programs to remove
    • StartNow Toolbar 2.0

  • Please download and install
Revo Uninstaller FreeDouble click Revo Uninstaller to run it.
From the list of programs double click on The Program to remove
When prompted if you want to uninstall click Yes.
Be sure the Moderate option is selected then click Next.
The program will run, If prompted again click Yes
when the built-in uninstaller is finished click on Next.
Once the program has searched for leftovers click Next.
Check/tick the bolded items only on the list then click Delete
when prompted click on Yes and then on next.
put a check on any folders that are found and select delete
when prompted select yes then on next
Once done click Finish.

.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from
http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from
here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download
Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware

[*] then click Finish.

[*]If an update is found, it will download and install the latest version.

[*]Once the program has loaded, select Perform quick scan, then click Scan.

[*]When the scan is complete, click OK, then Show Results to view the results.

[*]Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.

[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply

  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo

Link to post
Share on other sites

Hi, Gringo.

I did everything on the list.Here are both reports. Just as a note, Malwarebytes reported 1 infected file, but I chose to ignore it because I believe the program CoreTemp it's not really a threat. If I'm mistaken, please let me know, but according to the developers, most anti-virus and anti-malware programs will detect it as a threat.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Pixeles Libres :: PIXELESLIBRES [administrator]

6/28/2012 4:28:39 AM

mbam-log-2012-06-28 (04-34-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209029

Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Pixeles Libres\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)

=======================================================================

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:39:32 AM, on 6/28/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe

C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe

C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe

C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11.exe

C:\Users\Pixeles Libres\Desktop\Stuff\Snagit 11.0.1.93 Portable\Snagit 11 Editor.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Pixeles Libres\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q=%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{89F81B29-6BC8-4668-A49A-114987D904F5}: NameServer = 209.18.47.61,209.18.47.62

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mediafour M4LIC service (M4LIC) - Mediafour Corporation - C:\Program Files (x86)\Common Files\Mediafour\M4LIC.EXE

O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11747 bytes

============================================

Thanks again.

Link to post
Share on other sites

  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    • O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [ACPW05EN] "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Google Update] "C:\Users\Pixeles Libres\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

    [*] Close all open windows and browsers/email, etc...

    [*] Click on the "Fix Checked" button

    [*] When completed, close the application.

    • NOTE**You can research each of those lines
    >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the ActiveX control to install

    • Click Start

    [*]Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]Wait for the scan to finish

    [*] Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

Link to post
Share on other sites

  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools

Gringo

Link to post
Share on other sites

Hi, Gringo.

I'm sorry for my late reply. I started following your instructions on your latest post, but when I begun the Eset online scanning, it look like it was going to take more than a couple of hours to complete. Since I had to leave town for the weekend, I didn't want to leave my computre running all that time. Anyway, I removed the start-up entries, and this is what the scan came up with:

C:\Users\Pixeles Libres\AppData\Roaming\OpenCandy\OpenCandy_038F1A986C7045EDB02975550DE4C5B2\GameHouseSupercollapse3_p1v6.exe Win32/OpenCandy application

C:\Users\Pixeles Libres\Desktop\Stuff\Riot-setup.zip Win32/OpenCandy application

C:\Users\Pixeles Libres\Desktop\Stuff\ImTOO.Video.Joiner.2.0.1.Build.0111\video-joiner2.exe Win32/Toolbar.Zugo application

C:\Users\Pixeles Libres\Downloads\adlsoft_uncompressor_3_3_last.exe Win32/Toolbar.Zugo application

C:\Users\Pixeles Libres\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application

C:\Users\Pixeles Libres\Downloads\MediaInfo_GUI_0.7.47_Windows_x64.exe Win32/OpenCandy application

C:\Users\Pixeles Libres\Downloads\SUPERsetup (1).exe Win32/OpenCandy application

Thanks again.

Link to post
Share on other sites

  • Staff

Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    REM: Remove Directory and all sub-directories and files
    rd /s /q "C:\Program Files\Bad\"
    rd /s /q "C:\Program Files\BadDir01\"
    REM: Delete specific files within a Directory
    del /f /s /q "C:\WINDOWS\badfile.exel"
    del /f /s /q "C:\WINDOWS\badfile.dll"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

Link to post
Share on other sites

Hi, Gringo.

Upon running the delfile.bat file, there was a message in the command line that read something like "Could not find the file directory that was specified". When I saw this, I came back to FF to let you know. A couple of seconds later the window had disappeared, and the bat file was gone from my desktop. Not sure if this is something that I should be concerned about or not. All other tasks in your post were executed as you instructed.

I can't thank you enough for all the incredible help you've provided. You are a good man, Gringo, and you know your stuff very well. My hat goes off to you.

I just want to ask you one more thing, if you don't mind. In your post you mention Microsoft Security Essentials. As you know, I currently use ESET NOD32 Antivirus. Would it be wise for me to switch to MSE and get rid of ESET? Would that just be a matter of preference, or does one do a better job than the other? Thanks again.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.