manok

Infected with psw.onlinegames4.algt

30 posts in this topic

avg says im infected with psw.onlinegames4.algt but it cant remove it I also get random adds in box lower right corner when browsing and email account hacked sends random adds every other day , please help thanks in advance

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/8/2010 5:36:04 PM

System Uptime: 6/12/2013 5:24:01 AM (10 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | Socket 1156 | 1173/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 717.342 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 218.922 GiB free.

G: is Removable

Y: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Compact Flash

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#

Manufacturer: Generic-

Name: F:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#

Service: WUDFRd

.

Class GUID:

Description: Marvell 91xx Config ATA Device

Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&379EA885&0&1.1.0

Manufacturer:

Name: Marvell 91xx Config ATA Device

PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&379EA885&0&1.1.0

Service:

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SD/MMC

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&1C4905A4&0&058F63646476&0#

Manufacturer: Generic-

Name: E:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&1C4905A4&0&058F63646476&0#

Service: WUDFRd

.

==== System Restore Points ===================

.

RP478: 6/7/2013 9:12:20 AM - Scheduled Checkpoint

RP479: 6/12/2013 5:17:56 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

ACDSee Pro 3

ACDSee Pro 6

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 ActiveX 64-bit

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI (11.0.02)

Akamai NetSession Interface

Akamai NetSession Interface Service

Aleks 3.15

Anti-phishing Domain Advisor

Any Video Converter 3.1.5

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2013

AVG SafeGuard toolbar

Bonjour

Canon Utilities ImageBrowser EX

Collectorz.com Movie Collector

CyberLink PhotoDirector 4

CyberLink PowerDirector

CyberLink PowerDirector 11

CyberLink WaveEditor

D3DX10

Diamond One Touch Video Capture Software

Diamond VC500 WinXPVista7 Installation

Dropbox

DVD-Cloner V10.00 Build 1201

DVDFab 8.2.0.7 (25/08/2012) Qt

DVDFab 9.0.1.6 (14/12/2012) Qt

Elements 9 Organizer

Elements STI Installer

Firebird SQL Server - MAGIX Edition

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP webOS® Doctor™ Build 71.68, webOS 3.0.2

ImgBurn

iTunes

Java Auto Updater

Java™ 6 Update 32

Junk Mail filter update

LessTabs

MAGIX 3D Maker (embedded MSI)

MAGIX Online Print Service

MAGIX PhotoStory on CD & DVD 9 deluxe Download Version

MAGIX Screenshare

MAGIX Speed 2 (MSI)

MAGIX Xtreme Photo Designer 6

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Report Viewer Redistributable 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime v1.0 (x86)

Microsoft Sync Framework Services v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Movie Collector

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

MyFreeCodec

Newblue Art Effects for PowerDirector

Nitro Pro 8

Novacomd

Nuance OmniPage 18

One Touch Video Capture

PDF Settings CS5

Photodex Presenter

Picture Collage Maker Pro 2.4.6

Picture Cutout Guide Lite 2.0.2

ProShow Producer

QuickTime

Renesas Electronics USB 3.0 Host Controller Driver

ResumeMaker

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SmartSound Quicktracks 5

SpeedFan (remove only)

Spybot - Search & Destroy

SyncToy 2.0 (x86)

Ten Thumbs 4.7

The Ultimate Troubleshooter

Transfer Utility

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmniper

TurboTax 2010 wmsiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmniper

TurboTax 2011 wmsiper

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wmniper

TurboTax 2012 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC500 Driver

Vegas Pro 9.0 (64-bit)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 1.1.11

Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

WinZip 14.5

Xara Designer Pro 7

Xilisoft Video Converter Ultimate 6

Yahoo! BrowserPlus 2.9.8

.

==== Event Viewer Messages From Past Week ========

.

6/8/2013 10:36:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

6/12/2013 5:25:35 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

6/12/2013 5:25:35 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

6/12/2013 5:25:35 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

6/12/2013 5:24:47 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

6/12/2013 5:24:25 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

6/12/2013 5:24:25 AM, Error: atikmdag [43029] - Display is not active

6/12/2013 2:58:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/8/2010 5:36:04 PM

System Uptime: 6/12/2013 5:24:01 AM (10 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3

Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | Socket 1156 | 1173/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 931 GiB total, 717.342 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 466 GiB total, 218.922 GiB free.

G: is Removable

Y: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: Compact Flash

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#

Manufacturer: Generic-

Name: F:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#7&1C4905A4&0&058F63646476&1#

Service: WUDFRd

.

Class GUID:

Description: Marvell 91xx Config ATA Device

Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&379EA885&0&1.1.0

Manufacturer:

Name: Marvell 91xx Config ATA Device

PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\6&379EA885&0&1.1.0

Service:

.

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}

Description: SD/MMC

Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&1C4905A4&0&058F63646476&0#

Manufacturer: Generic-

Name: E:\

PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#7&1C4905A4&0&058F63646476&0#

Service: WUDFRd

.

==== System Restore Points ===================

.

RP478: 6/7/2013 9:12:20 AM - Scheduled Checkpoint

RP479: 6/12/2013 5:17:56 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20

ACDSee Pro 3

ACDSee Pro 6

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 ActiveX 64-bit

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI (11.0.02)

Akamai NetSession Interface

Akamai NetSession Interface Service

Aleks 3.15

Anti-phishing Domain Advisor

Any Video Converter 3.1.5

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2013

AVG SafeGuard toolbar

Bonjour

Canon Utilities ImageBrowser EX

Collectorz.com Movie Collector

CyberLink PhotoDirector 4

CyberLink PowerDirector

CyberLink PowerDirector 11

CyberLink WaveEditor

D3DX10

Diamond One Touch Video Capture Software

Diamond VC500 WinXPVista7 Installation

Dropbox

DVD-Cloner V10.00 Build 1201

DVDFab 8.2.0.7 (25/08/2012) Qt

DVDFab 9.0.1.6 (14/12/2012) Qt

Elements 9 Organizer

Elements STI Installer

Firebird SQL Server - MAGIX Edition

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP webOS® Doctor™ Build 71.68, webOS 3.0.2

ImgBurn

iTunes

Java Auto Updater

Java™ 6 Update 32

Junk Mail filter update

LessTabs

MAGIX 3D Maker (embedded MSI)

MAGIX Online Print Service

MAGIX PhotoStory on CD & DVD 9 deluxe Download Version

MAGIX Screenshare

MAGIX Speed 2 (MSI)

MAGIX Xtreme Photo Designer 6

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Report Viewer Redistributable 2005

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime v1.0 (x86)

Microsoft Sync Framework Services v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Movie Collector

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

MyFreeCodec

Newblue Art Effects for PowerDirector

Nitro Pro 8

Novacomd

Nuance OmniPage 18

One Touch Video Capture

PDF Settings CS5

Photodex Presenter

Picture Collage Maker Pro 2.4.6

Picture Cutout Guide Lite 2.0.2

ProShow Producer

QuickTime

Renesas Electronics USB 3.0 Host Controller Driver

ResumeMaker

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SmartSound Quicktracks 5

SpeedFan (remove only)

Spybot - Search & Destroy

SyncToy 2.0 (x86)

Ten Thumbs 4.7

The Ultimate Troubleshooter

Transfer Utility

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmniper

TurboTax 2010 wmsiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmniper

TurboTax 2011 wmsiper

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wmniper

TurboTax 2012 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC500 Driver

Vegas Pro 9.0 (64-bit)

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 1.1.11

Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

WinZip 14.5

Xara Designer Pro 7

Xilisoft Video Converter Ultimate 6

Yahoo! BrowserPlus 2.9.8

.

==== Event Viewer Messages From Past Week ========

.

6/8/2013 10:36:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

6/12/2013 5:25:35 AM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

6/12/2013 5:25:35 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

6/12/2013 5:25:35 AM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

6/12/2013 5:24:47 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

6/12/2013 5:24:25 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

6/12/2013 5:24:25 AM, Error: atikmdag [43029] - Display is not active

6/12/2013 2:58:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Welcome to the forum. Can you post the DDS log.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic:
Click on the
Follow This Topic Button
(at the top right of this page), make sure that the
Receive notification
box is checked and that it is set to
Instantly

Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that
.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Share this post


Link to post
Share on other sites

here is my log thank u for your help and time

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : claire [Admin rights]

Mode : Scan -- Date : 06/13/2013 08:35:57

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\claire\AppData\Local\{8868A0A9-EC45-4C07-ADFD-B4127394B1D9}\{04871419-1710-4DE9-B41D-5A1CC0D30D2B}\ipjbcpjp.dll [x] -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\claire\AppData\Local\DirectShow\yvgvfvlj.dll [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 26 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : Cyberlink (rundll32 "C:\Users\claire\AppData\Local\Diagnostics\Cyberlink\mmuoa.dll",srWrapperVideoInitW) [x] -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : {04871419-1710-4DE9-B41D-5A1CC0D30D2B} (rundll32 "C:\Users\claire\AppData\Local\{8868A0A9-EC45-4C07-ADFD-B4127394B1D9}\{04871419-1710-4DE9-B41D-5A1CC0D30D2B}\ipjbcpjp.dll",DllRegisterServer) [-] -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : DirectShow (Rundll32.exe C:\Users\claire\AppData\Local\DirectShow\yvgvfvlj.dll,_DllMain@12) [x] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : Cyberlink (rundll32 "C:\Users\claire\AppData\Local\Diagnostics\Cyberlink\mmuoa.dll",srWrapperVideoInitW) [x] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : {04871419-1710-4DE9-B41D-5A1CC0D30D2B} (rundll32 "C:\Users\claire\AppData\Local\{8868A0A9-EC45-4C07-ADFD-B4127394B1D9}\{04871419-1710-4DE9-B41D-5A1CC0D30D2B}\ipjbcpjp.dll",DllRegisterServer) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : DirectShow (Rundll32.exe C:\Users\claire\AppData\Local\DirectShow\yvgvfvlj.dll,_DllMain@12) [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][sUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\claire\AppData\Local\Temp\svjsicp\sirryuw\wow64.dll) [x] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\n [-] --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\@ [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++

--- User ---

[MBR] c3e4a8d0e644afcaf93cac0cc2021cd1

[bSP] f577c2deec1de1d51ee7973c8c4cf415 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++

--- User ---

[MBR] edcb9eebffb0f68739f7afa21337fb06

[bSP] f9cd422792b94100f8cb845a6a7c9835 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_S_06132013_02d0835.txt >>

RKreport[1]_S_06132013_02d0833.txt ; RKreport[2]_S_06132013_02d0835.txt

Share this post


Link to post
Share on other sites

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan also.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKCU\[...]\Run : Cyberlink (rundll32 "C:\Users\claire\AppData\Local\Diagnostics\Cyberlink\mmuoa.dll",srWrapperVideoInitW) [x] -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : {04871419-1710-4DE9-B41D-5A1CC0D30D2B} (rundll32 "C:\Users\claire\AppData\Local\{8868A0A9-EC45-4C07-ADFD-B4127394B1D9}\{04871419-1710-4DE9-B41D-5A1CC0D30D2B}\ipjbcpjp.dll",DllRegisterServer) [-] -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : DirectShow (Rundll32.exe C:\Users\claire\AppData\Local\DirectShow\yvgvfvlj.dll,_DllMain@12) [x] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : Cyberlink (rundll32 "C:\Users\claire\AppData\Local\Diagnostics\Cyberlink\mmuoa.dll",srWrapperVideoInitW) [x] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : {04871419-1710-4DE9-B41D-5A1CC0D30D2B} (rundll32 "C:\Users\claire\AppData\Local\{8868A0A9-EC45-4C07-ADFD-B4127394B1D9}\{04871419-1710-4DE9-B41D-5A1CC0D30D2B}\ipjbcpjp.dll",DllRegisterServer) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1024692414-803969711-3360781052-1001[...]\Run : DirectShow (Rundll32.exe C:\Users\claire\AppData\Local\DirectShow\yvgvfvlj.dll,_DllMain@12) [x] -> FOUND

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND

[HJ INPROC][sUSP PATH] HKCR\[...]\InprocServer32 : (C:\Users\claire\AppData\Local\Temp\svjsicp\sirryuw\wow64.dll) [x] -> FOUND

Now click Delete on the right hand column under Options

--------------------------

Next click on the Files tab and put a check next to these and uncheck the rest. (if found)

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\n [-] --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\@ [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4\L --> FOUND

Now click Delete on the right hand column under Options

-------------

Last:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Share this post


Link to post
Share on other sites

here is the logs I am still getting the add pop up in small box lower right corner

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.13.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16614

claire :: CLAIRE-PC [administrator]

6/13/2013 11:25:22 AM

mbar-log-2013-06-13 (11-25-22).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 256691

Time elapsed: 14 minute(s), 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16614

Java version: 1.6.0_32

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.798000 GHz

Memory total: 4290240512, free: 1692717056

Downloaded database version: v2013.06.13.06

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/13/2013 10:47:27

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx64.sys

\SystemRoot\system32\DRIVERS\avgloga.sys

\SystemRoot\system32\DRIVERS\avgmfx64.sys

\SystemRoot\system32\DRIVERS\avgidsha.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\Windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdia.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\Drivers\ElbyCDIO.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx64.sys

\SystemRoot\system32\DRIVERS\avgidsdrivera.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\AnyDVD.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\SystemRoot\system32\DRIVERS\udfs.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\drivers\mrxdav.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8005a44060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa8005a35060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8005a43060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007d\

Lower Device Object: 0xfffffa8005a40060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8005a42060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xfffffa8005a60a20

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8005a41060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007b\

Lower Device Object: 0xfffffa8005a10b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8005a26790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000076\

Lower Device Object: 0xfffffa8005a26060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004721790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-6\

Lower Device Object: 0xfffffa800419d060

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004721790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80047212c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004721790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004132e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa800419d060, DeviceName: \Device\Ide\IdeDeviceP5T0L0-6\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CC891FE7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1953314816

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8005a26790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80059e19d0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005a26790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005a26060, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D4C353E6

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8005a41060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005a41b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005a41060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005a10b60, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8005a42060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005a42b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005a42060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005a60a20, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8005a43060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005a43b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005a43060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005a40060, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8005a44060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005a44b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005a44060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8005a35060, DeviceName: \Device\0000007e\, DriverName: \Driver\USBSTOR\

------------ End ----------

Read File: File "c:\programdata\avg2013\chjw\36f4e77bf4e73bad.dat:1299654d-491d-422d-8952-e9001b5c316d" is sparse (flags = 32768)

Read File: File "c:\programdata\avg2013\chjw\6ad4d46ad4d43a51.dat:55170d77-5572-4b03-b803-6753970abc03" is sparse (flags = 32768)

Infected: c:\Users\claire\AppData\Local\Temp\msimg32.dll --> [Malware.Packer.WT]

Infected: c:\$RECYCLE.BIN\S-1-5-21-1024692414-803969711-3360781052-1001\$R2CF94C5E --> [Malware.Packer.WT]

Infected: c:\Users\claire\AppData\Local\Temp\scsprpv\scjhmkb\wow64.dll --> [Rootkit.0Access]

Infected: c:\$RECYCLE.BIN\S-1-5-21-1024692414-803969711-3360781052-1001\$2134ae87ea29dd4454856db3060689a4 --> [Trojan.Siredef.C]

Scan finished

Creating System Restore point...

Cleaning up...

Executing an action fixdamage.exe...

Success!

Queuing an action fixdamage.exe

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16614

Java version: 1.6.0_32

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 2.798000 GHz

Memory total: 4290240512, free: 2193096704

Initializing...

------------ Kernel report ------------

06/13/2013 11:25:19

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\SysWOW64\speedfan.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx64.sys

\SystemRoot\system32\DRIVERS\avgloga.sys

\SystemRoot\system32\DRIVERS\avgmfx64.sys

\SystemRoot\system32\DRIVERS\avgidsha.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\Windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdia.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\Drivers\ElbyCDIO.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx64.sys

\SystemRoot\system32\DRIVERS\avgidsdrivera.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\AnyDVD.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\HdAudio.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\system32\drivers\spsys.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8005808060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007d\

Lower Device Object: 0xfffffa80057f5660

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8005807060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xfffffa80057f5060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa800580b060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007b\

Lower Device Object: 0xfffffa80057f5b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8005806060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007a\

Lower Device Object: 0xfffffa80057fbb60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa80057cf060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000075\

Lower Device Object: 0xfffffa80057e2060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800473a790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-6\

Lower Device Object: 0xfffffa8004268680

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800473a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800473a2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800473a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004161e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004268680, DeviceName: \Device\Ide\IdeDeviceP5T0L0-6\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: CC891FE7

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1953314816

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa80057cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80057cf910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80057cf060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80057e2060, DeviceName: \Device\00000075\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: D4C353E6

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 976768002

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8005806060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005806b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005806060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80057fbb60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa800580b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800580bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800580b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80057f5b60, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8005807060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005807b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005807060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80057f5060, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8005808060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8005808b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8005808060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80057f5660, DeviceName: \Device\0000007d\, DriverName: \Driver\USBSTOR\

------------ End ----------

Read File: File "c:\programdata\avg2013\chjw\36f4e77bf4e73bad.dat:1299654d-491d-422d-8952-e9001b5c316d" is sparse (flags = 32768)

Read File: File "c:\programdata\avg2013\chjw\6ad4d46ad4d43a51.dat:55170d77-5572-4b03-b803-6753970abc03" is sparse (flags = 32768)

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

Removal finished

Share this post


Link to post
Share on other sites

OK...Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

here is the combofix file thanks again

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4091.2232 [GMT -5:00]

Running from: c:\users\claire\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 192 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\claire\AppData\Roaming\inst.exe

c:\windows\SysWow64\muzapp.exe

.

---- Previous Run -------

.

c:\programdata\Microsoft\Windows\DRM\86CD.tmp

c:\programdata\Microsoft\Windows\DRM\86CE.tmp

c:\users\claire\AppData\Local\Diagnostics\Cyberlink\mmuoa.dll

c:\users\claire\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll

c:\users\claire\AppData\Roaming\Duov\ryymq.rou

c:\users\claire\AppData\Roaming\Microsoft\Windows\Recent\DVDFab Passkey.url

c:\users\claire\AppData\Roaming\Microsoft\Windows\Recent\DVDFab.url

c:\users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk

c:\users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk

c:\windows\svchost.exe

c:\windows\SysWow64\System32\MASetupCleaner.exe

c:\windows\SysWow64\System32\muzapp.exe

F:\Autorun.inf

F:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-05-14 to 2013-06-14 )))))))))))))))))))))))))))))))

.

.

2013-06-14 02:01 . 2013-06-14 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-14 01:23 . 2013-06-14 01:24 -------- d-----w- c:\program files (x86)\ERUNT

2013-06-13 15:47 . 2013-06-13 23:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-13 07:40 . 2013-06-13 07:58 -------- d-----w- c:\users\claire\AppData\Local\DirectShow

2013-06-12 10:18 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-06-12 10:18 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-12 10:18 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-06-12 10:18 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-06-12 10:18 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-06-12 10:18 . 2013-05-17 00:58 15404544 ----a-w- c:\windows\system32\ieframe.dll

2013-06-12 10:18 . 2013-05-17 00:58 19233792 ----a-w- c:\windows\system32\mshtml.dll

2013-06-05 18:46 . 2013-06-05 19:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-06-05 18:46 . 2013-06-05 18:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-05-21 19:08 . 2013-05-21 19:08 -------- d-----w- c:\program files (x86)\LessTabs

2013-05-21 19:07 . 2013-05-21 19:11 -------- d-----w- c:\users\claire\AppData\Roaming\Paint.NET.3.5.10.Install

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-06-12 10:19 . 2010-08-09 00:38 75825640 ----a-w- c:\windows\system32\MRT.exe

2013-05-20 23:04 . 2013-04-02 18:33 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-10 08:21 . 2013-05-10 08:21 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-10 08:21 . 2013-05-10 08:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-10 08:21 . 2013-05-10 08:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-10 08:21 . 2013-05-10 08:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-10 08:21 . 2013-05-10 08:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-10 08:21 . 2013-05-10 08:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-10 08:21 . 2013-05-10 08:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-10 08:21 . 2013-05-10 08:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-10 08:21 . 2013-05-10 08:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-10 08:21 . 2013-05-10 08:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-10 08:21 . 2013-05-10 08:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-10 08:21 . 2013-05-10 08:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-10 08:21 . 2013-05-10 08:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-10 08:21 . 2013-05-10 08:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-10 08:21 . 2013-05-10 08:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-10 08:21 . 2013-05-10 08:21 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-10 08:21 . 2013-05-10 08:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-10 08:21 . 2013-05-10 08:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-10 08:21 . 2013-05-10 08:21 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-10 08:21 . 2013-05-10 08:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-10 08:21 . 2013-05-10 08:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-10 08:21 . 2013-05-10 08:21 441856 ----a-w- c:\windows\system32\html.iec

2013-05-10 08:21 . 2013-05-10 08:21 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-10 08:21 . 2013-05-10 08:21 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-10 08:21 . 2013-05-10 08:21 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-10 08:21 . 2013-05-10 08:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-10 08:21 . 2013-05-10 08:21 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-10 08:21 . 2013-05-10 08:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-10 08:21 . 2013-05-10 08:21 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-10 08:21 . 2013-05-10 08:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-10 08:21 . 2013-05-10 08:21 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-10 08:21 . 2013-05-10 08:21 235008 ----a-w- c:\windows\system32\url.dll

2013-05-10 08:21 . 2013-05-10 08:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-10 08:21 . 2013-05-10 08:21 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-10 08:21 . 2013-05-10 08:21 102912 ----a-w- c:\windows\system32\inseng.dll

2013-05-10 08:21 . 2013-05-10 08:21 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-10 08:21 . 2013-05-10 08:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-10 08:21 . 2013-05-10 08:21 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-10 08:21 . 2013-05-10 08:21 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-10 08:21 . 2013-05-10 08:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-10 08:21 . 2013-05-10 08:21 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-10 08:21 . 2013-05-10 08:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-10 08:21 . 2013-05-10 08:21 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-10 08:21 . 2013-05-10 08:21 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-10 08:21 . 2013-05-10 08:21 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-10 08:21 . 2013-05-10 08:21 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-10 08:21 . 2013-05-10 08:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-10 08:21 . 2013-05-10 08:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-10 08:21 . 2013-05-10 08:21 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-02 20:12 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-25 13:44 . 2013-04-25 13:44 142424 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys

2013-04-25 13:44 . 2013-04-25 13:44 142424 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

2013-04-25 01:33 . 2013-04-25 01:33 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll

2013-04-13 05:49 . 2013-05-15 23:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 23:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 23:53 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 23:53 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 23:53 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 23:53 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 23:07 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 19:50 . 2012-12-18 07:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-29 07:53 . 2013-03-29 07:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-03-21 08:08 . 2013-03-21 08:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-03-20 08:07 . 2013-03-29 17:39 233472 ----a-w- c:\windows\SysWow64\FsUsbExService.Exe

2013-03-20 08:07 . 2013-03-29 17:39 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sys

2013-03-20 08:07 . 2013-03-29 17:39 37344 ----a-w- c:\windows\SysWow64\FsUsbExDisk.Sy_

2013-03-19 06:04 . 2013-04-10 06:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 06:26 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 06:26 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 06:26 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 06:26 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 06:26 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-05-20 23:04 1991344 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-05-20 1991344]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 130736 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Device Detector"="DevDetect.exe -autorun" [X]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-08 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\claire\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-03-28 1106288]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]

"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2013-04-27 94296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-08-15 1892200]

"ACPW06EN"="c:\program files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" [2012-11-14 1133176]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-20 1226928]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2012-01-10 247968]

.

c:\users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\claire\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2012-12-3 69120]

Transfer Utility Camera Monitor.lnk - c:\program files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe [2012-12-2 376176]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 U6000ALL;HDTV110 TV Box(ALL);c:\windows\system32\DRIVERS\dmdcap.sys;c:\windows\SYSNATIVE\DRIVERS\dmdcap.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [x]

S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-06 01:07 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 23:53]

.

2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 23:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-04-04 22:12 164016 ----a-w- c:\users\claire\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-OpAgent - OpAgent.exe

Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-31143790.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

AddRemove-HP webOS® Doctor Build 71.68, webOS 3.0.2 - c:\windows\system32\javaws.exe

.

.

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_®\00\00®\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~®\00\00®\00\00\00\00m\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,

91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,

38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:42,87,0f,5a,54,1d,cd,01

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.032"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.abr"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ani"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.apd"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.arw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bay"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bmp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cr2"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.crw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cs1"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cur"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcr"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcx"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dib"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djv"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djvu"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dng"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.emf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.eps"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.erf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fff"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fpx"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.gif"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.hdr"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icl"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icn"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="WindowsLive.PhotoGallery.ico.15.4"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iff"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ilbm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.int"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.inta"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iw4"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2c"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2k"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jbr"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jfif"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jif"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jp2"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpc"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpe"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpeg"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpg"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpk"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpx"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.kdc"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.lbm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mef"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mos"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mrw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nef"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nrw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.orf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbr"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcd"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pct"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcx"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pef"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pgm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pic"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pict"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pix"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.png"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ppm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psd"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspbrush"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspimage"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ras"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgb"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgba"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rle"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rsb"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rw2"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rwl"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sgi"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sr2"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.srf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 6.srw"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tga"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.thm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tif"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tiff"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttc"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30po"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30pp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30ppf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 6.v60po"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 6.v60pp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v60ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 6.v60ppf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbmp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wmf"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xbm"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (S-1-5-21-1024692414-803969711-3360781052-1001)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xif"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 6.xmp"

.

[HKEY_USERS\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-13 21:06:19

ComboFix-quarantined-files.txt 2013-06-14 02:06

.

Pre-Run: 820,679,925,760 bytes free

Post-Run: 828,978,913,280 bytes free

.

- - End Of File - - C8FE60025AC5B31A30BEF318B777B8F2

Share this post


Link to post
Share on other sites

Some extra instructions got copied when I posted the instructions to run ComboFix, I have removed them.

Next:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Share this post


Link to post
Share on other sites

here it is comp seems to be better haven't got the random adds yet

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 21:46:23

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : claire - CLAIRE-PC

# Boot Mode : Normal

# Running from : C:\Users\claire\Desktop\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\Anti-phishing Domain Advisor

Folder Found : C:\ProgramData\APN

Folder Found : C:\ProgramData\blekko toolbars

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\claire\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Found : HKCU\Software\AVG Security Toolbar

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\jZip

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\InstallIQ

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKU\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-1024692414-803969711-3360781052-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\claire\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8224 octets] - [13/06/2013 21:46:23]

########## EOF - C:\AdwCleaner[R1].txt - [8284 octets] ##########

Share this post


Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Reboot and let me know how it is.....MrC (Be back in the AM)

Share this post


Link to post
Share on other sites

here is the new log

# AdwCleaner v2.303 - Logfile created 06/13/2013 at 22:17:53

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : claire - CLAIRE-PC

# Boot Mode : Normal

# Running from : C:\Users\claire\Desktop\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor

Folder Deleted : C:\ProgramData\APN

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\claire\AppData\LocalLow\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\AVG Security Toolbar

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\jZip

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\claire\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8331 octets] - [13/06/2013 21:46:23]

AdwCleaner[R2].txt - [8170 octets] - [13/06/2013 22:17:37]

AdwCleaner[s1].txt - [7828 octets] - [13/06/2013 22:17:53]

########## EOF - C:\AdwCleaner[s1].txt - [7888 octets] ##########

Share this post


Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Share this post


Link to post
Share on other sites

good morning the adds are back in lower right corner when downloading security ck it popped up esults of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG AntiVirus Free Edition 2013

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 32

Java version out of Date!

Adobe Reader XI

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Spybot Teatimer.exe is disabled!

AVG avgwdsvc.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

Please download and run CCleaner to clean out temp files:

http://www.piriform.com/ccleaner <---download

http://www.howtogeek...-9-tips-tricks/ <---CCleaner tutorial

Then.........

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC

Share this post


Link to post
Share on other sites

would not let me post results said to long all df the log above this was empty folders

umping contents of C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aadbdadadgdcdjdfgcgcgbdjdeggdage

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aagfgcdidddjdggedadgdddddbgddbgd

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aaggdadcddgfdjdjgcggggdjdegfgdgb

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aadbdadadgdcdjdfgcgcgbdjdeggdage\background.html

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aadbdadadgdcdjdfgcgcgbdjdeggdage\background.js

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aadbdadadgdcdjdfgcgcgbdjdeggdage\ContentScript.js

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aadbdadadgdcdjdfgcgcgbdjdeggdage\manifest.json

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aagfgcdidddjdggedadgdddddbgddbgd\background.js

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aagfgcdidddjdggedadgdddddbgddbgd\ContentScript.js

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aagfgcdidddjdggedadgdddddbgddbgd\manifest.json

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aaggdadcddgfdjdjgcggggdjdegfgdgb\background.html

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aaggdadcddgfdjdjgcggggdjdegfgdgb\ContentScript.js

C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default\aaggdadcddgfdjdjgcggggdjdegfgdgb\manifest.json

Successfully deleted: [Folder] C:\Users\claire\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 06/14/2013 at 8:51:50.54

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

Is there any improvement??

If not........

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Share this post


Link to post
Share on other sites

adds still appear was gone last night when we finished but started again this morning no more warning about onlinegames here no log and thank u for the help

OTL logfile created on: 6/14/2013 10:33:54 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\claire\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 37.03% Memory free

7.99 Gb Paging File | 5.51 Gb Available in Paging File | 68.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 773.24 Gb Free Space | 83.02% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 219.61 Gb Free Space | 47.15% Space Free | Partition Type: NTFS

Computer Name: CLAIRE-PC | User Name: claire | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 10:32:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\claire\Desktop\OTL.exe

PRC - [2013/05/20 18:04:20 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2013/04/27 12:15:40 | 007,069,784 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/11/27 14:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe

PRC - [2012/11/14 11:28:04 | 001,133,176 | R--- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe

PRC - [2012/10/01 02:56:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

PRC - [2010/09/16 15:27:40 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/08/19 22:35:32 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe

PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 03:09:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ded1c6dbf61d19f839da66c951d8fa9\System.Windows.Forms.ni.dll

MOD - [2013/05/16 03:09:04 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll

MOD - [2013/01/09 05:42:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7a33af3fa6a140afb8ab0d9190ab2c9d\System.Runtime.Remoting.ni.dll

MOD - [2013/01/09 04:37:16 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll

MOD - [2013/01/09 04:37:14 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll

MOD - [2013/01/09 04:37:10 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll

MOD - [2013/01/09 04:37:01 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll

MOD - [2012/11/27 14:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe

MOD - [2012/11/27 14:38:36 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll

MOD - [2012/02/20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/01 02:56:52 | 000,230,920 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)

SRV:64bit: - [2012/09/12 00:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)

SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)

SRV:64bit: - [2009/08/18 04:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/20 18:04:20 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)

SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/10/01 02:56:58 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/08/19 22:35:32 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/20 18:04:20 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/04/25 08:44:30 | 000,142,424 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2013/03/04 07:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV:64bit: - [2013/02/22 02:17:06 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2013/02/22 02:17:06 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/18 21:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/11/18 21:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/08/18 00:46:54 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)

DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/08/18 05:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)

DRV:64bit: - [2009/07/13 19:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)

DRV:64bit: - [2009/07/13 19:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)

DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/06/08 08:06:36 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2013/04/25 08:44:30 | 000,142,424 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2013/03/20 03:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{5C490998-14C3-4D97-8518-C65C7CDB7DFF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)

FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\claire\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/14 03:27:32 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://mysearch.avg.com/?cid=&mid=1799f6ad8ba66f2ffe260b4ec68e688c-4be53513719045de0411c5e4b11bfd1e87faf666〈=en&ds=AVG&pr=fr&d=&pid=safeguard&sg=&v=&sap=hp

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\claire\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: LessTabs = C:\Users\claire\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.0.0_0\

O1 HOSTS File: ([2013/06/13 21:04:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ACPW06EN] C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe (ACD Systems)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)

O4 - HKLM..\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\claire\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)

O4 - HKCU..\Run: [Device Detector] DevDetect.exe -autorun File not found

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)

O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)

O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - Startup: C:\Users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\claire\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C518FE8D-C085-4999-9C92-F3711EB8DC82}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 10:33:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\claire\Desktop\OTL.exe

[2013/06/14 10:31:22 | 000,000,000 | ---D | C] -- C:\Users\claire\AppData\Local\{83C6461F-EDAA-4E19-A296-E5AE89E1D915}

[2013/06/14 08:50:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/14 08:48:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/14 08:48:06 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/14 08:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/06/13 22:35:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/06/13 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\claire\Desktop\virus prog

[2013/06/13 20:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/06/13 20:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/06/13 02:40:38 | 000,000,000 | ---D | C] -- C:\Users\claire\AppData\Local\DirectShow

[2013/06/12 05:19:03 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/06/12 05:19:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/06/12 05:19:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/06/12 05:19:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/06/12 05:19:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/06/12 05:19:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/06/12 05:19:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/06/12 05:19:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/06/12 05:19:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/06/12 05:19:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/06/12 05:19:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/06/12 05:19:01 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/06/12 05:19:01 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/06/12 05:19:01 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/06/12 05:19:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/06/12 03:47:41 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/06/12 03:47:41 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/06/12 03:47:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/06/12 03:47:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/06/12 03:47:30 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/06/12 03:47:24 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/06/12 03:47:24 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/06/12 03:47:24 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe

[2013/06/12 03:47:24 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2013/06/12 03:47:24 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/06/12 03:47:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/06/12 03:47:22 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/06/12 03:47:22 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/06/10 09:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/06/05 13:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/06/05 13:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/06/05 13:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/05/21 14:08:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LessTabs

[2013/05/21 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\claire\AppData\Roaming\Paint.NET.3.5.10.Install

[2013/05/15 18:53:30 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 18:53:30 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/15 18:53:18 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/15 18:53:18 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/15 18:53:17 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/15 18:53:17 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/15 18:53:11 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/01/27 20:01:39 | 005,098,112 | ---- | C] (IO3O LLC ) -- C:\Users\claire\AppData\Roaming\mywifi.exe

[2010/08/18 00:46:54 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\claire\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/06/14 10:32:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\claire\Desktop\OTL.exe

[2013/06/14 10:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/14 08:40:19 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/13 22:28:07 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/13 22:28:07 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/13 22:20:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/13 22:19:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/13 22:19:44 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/13 22:18:05 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

[2013/06/13 21:04:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/13 20:23:47 | 000,000,961 | ---- | M] () -- C:\Users\claire\Desktop\NTREGOPT.lnk

[2013/06/10 09:23:00 | 000,001,002 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/06/07 08:43:21 | 000,001,051 | ---- | M] () -- C:\Users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/06/07 08:42:53 | 000,001,021 | ---- | M] () -- C:\Users\claire\Desktop\Dropbox.lnk

[2013/06/05 20:08:55 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/06/05 14:38:01 | 000,779,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/06/05 14:38:01 | 000,660,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/06/05 14:38:01 | 000,121,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/06/05 13:46:44 | 000,001,319 | ---- | M] () -- C:\Users\claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/05/21 04:03:52 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk

[2013/05/20 18:04:20 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013/05/17 14:06:54 | 000,000,000 | -H-- | M] () -- C:\Users\claire\Documents\Default.rdp

[2013/05/16 20:25:27 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/16 20:25:26 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/16 20:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/05/16 20:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/05/16 20:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/05/16 19:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/05/16 19:58:20 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/16 19:58:10 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/16 19:58:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/16 19:58:08 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/16 19:58:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/05/16 19:58:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/05/16 19:58:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/05/16 03:33:10 | 004,983,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/14 08:40:19 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2013/06/13 22:18:01 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat

[2013/06/13 20:23:47 | 000,000,961 | ---- | C] () -- C:\Users\claire\Desktop\NTREGOPT.lnk

[2013/06/07 08:43:21 | 000,001,051 | ---- | C] () -- C:\Users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/06/05 13:46:44 | 000,001,319 | ---- | C] () -- C:\Users\claire\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/05/17 14:06:54 | 000,000,000 | -H-- | C] () -- C:\Users\claire\Documents\Default.rdp

[2013/03/29 12:39:00 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll

[2013/03/29 12:39:00 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys

[2013/01/27 19:59:51 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll

[2012/10/18 11:49:49 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2012/10/18 11:44:55 | 000,773,626 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/15 03:44:12 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2012/02/11 15:32:49 | 000,000,296 | ---- | C] () -- C:\ProgramData\~f1GeWEHjS2aa0X

[2012/02/11 15:32:49 | 000,000,208 | ---- | C] () -- C:\ProgramData\~f1GeWEHjS2aa0Xr

[2012/02/11 15:32:45 | 000,000,448 | ---- | C] () -- C:\ProgramData\f1GeWEHjS2aa0X

[2012/01/23 18:52:35 | 000,000,774 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2011/10/30 06:15:44 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll

[2011/10/30 06:15:44 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2011/10/30 06:15:44 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll

[2010/12/05 11:24:34 | 000,010,240 | ---- | C] () -- C:\Users\claire\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/24 00:59:33 | 000,937,984 | ---- | C] () -- C:\Users\claire\AppData\Local\filesync.metadata

[2010/08/22 07:36:54 | 000,000,017 | ---- | C] () -- C:\Users\claire\AppData\Local\resmon.resmoncfg

[2010/08/18 00:46:54 | 000,007,859 | ---- | C] () -- C:\Users\claire\AppData\Roaming\pcouffin.cat

[2010/08/18 00:46:54 | 000,001,167 | ---- | C] () -- C:\Users\claire\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:D2F2F703

< End of report >

Share this post


Link to post
Share on other sites

here is the second log TL Extras logfile created on: 6/14/2013 10:33:54 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\claire\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16614)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 37.03% Memory free

7.99 Gb Paging File | 5.51 Gb Available in Paging File | 68.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.41 Gb Total Space | 773.24 Gb Free Space | 83.02% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 219.61 Gb Free Space | 47.15% Space Free | Partition Type: NTFS

Computer Name: CLAIRE-PC | User Name: claire | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)

Directory [ACDSee Pro 6.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)

Directory [ACDSee Pro 6.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"TCP Query User{FB1ABFCE-EF64-41E3-8EE8-B333CC5083B8}C:\users\claire\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\claire\appdata\local\akamai\netsession_win.exe |

"UDP Query User{3E90B928-569B-43A8-BAB4-C1A61BFB6152}C:\users\claire\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\claire\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{09350823-BE9F-4CC1-B621-C8F113F714D5}" = AVG 2013

"{0BEFCFE0-4373-41B6-8924-85FA78C9514D}" = Nitro Pro 8

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013

"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2422B02-0D41-43F5-B62E-C7A5E55FCBA8}" = Vegas Pro 9.0 (64-bit)

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2013

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0ECE15AC-CB68-40EC-B70D-1B220717844C}" = Transfer Utility

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3

"{1B9DF2F7-6E59-4F9D-ADE1-F0CF9C7F4B0F}" = Xara Designer Pro 7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{2D5FDE7E-E784-4FD2-BFD7-7C97AE9B5983}" = MAGIX Speed 2 (MSI)

"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)

"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer

"{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{510182B9-1880-4CEB-BBD4-A7DA9C350000}" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5F29D5E7-8C01-4695-8A38-9F94BC3EAD40}" = TurboTax 2011 wmniper

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63934E99-A4F7-478C-8BB0-259BB9D78FFF}" = Microsoft Report Viewer Redistributable 2005

"{66DAE93A-9A8A-4B94-9FBF-5B78EF34C2EC}" = TurboTax 2011 wmsiper

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.4.6

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74D199FC-CEFB-45AF-B364-754E1A75220E}" = Nuance OmniPage 18

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7880A897-876A-46EB-BE51-9F9B89878A5C}" = MAGIX Online Print Service

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{84BC4E89-97BB-41A3-9254-06E7C675B945}" = TurboTax 2010 wmsiper

"{8543A572-5993-4101-BACC-C83884E183A4}" = One Touch Video Capture

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EA5860B-9027-4864-81D0-2A5B82D41821}" = TurboTax 2010 wmniper

"{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1" = Movie Collector

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{94A428DC-441D-4725-AB03-148A9FCC670C}" = MAGIX Screenshare

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A471A73B-EA26-4C1D-B735-DEB0CB57F7DF}" = MAGIX 3D Maker (embedded MSI)

"{A4ECF10E-8914-4E29-9E48-8BE2F57558DC}" = ResumeMaker

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B14E295B-939D-4CE0-99CD-CB8C3B4FFF2E}" = TurboTax 2012 wmniper

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D2FB8970-EE99-4BE0-B928-4D8145CC0502}" = MAGIX Xtreme Photo Designer 6

"{D40B2C78-30CA-4A8F-A157-C86B491C73AF}" = ACDSee Pro 6

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = VC500 Driver

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip 9.20" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9

"Akamai" = Akamai NetSession Interface Service

"Aleks 3.15" = Aleks 3.15

"Any Video Converter_is1" = Any Video Converter 3.1.5

"AnyDVD" = AnyDVD

"AVG SafeGuard toolbar" = AVG SafeGuard toolbar

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"Collectorz.com Movie Collector" = Collectorz.com Movie Collector

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Diamond One Touch Video Capture Software" = Diamond One Touch Video Capture Software

"Diamond VC500 WinXPVista7 Installation" = Diamond VC500 WinXPVista7 Installation

"DVD-Cloner 2013_is1" = DVD-Cloner V10.00 Build 1201

"DVDFab 8 Qt_is1" = DVDFab 8.2.0.7 (25/08/2012) Qt

"DVDFab 9_is1" = DVDFab 9.0.1.6 (14/12/2012) Qt

"ERUNT_is1" = ERUNT 1.1j

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"ImageBrowser EX" = Canon Utilities ImageBrowser EX

"ImgBurn" = ImgBurn

"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5

"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor

"InstallShield_{44510C84-AE2A-4079-A75B-D44E68D73B9A}" = CyberLink PhotoDirector 4

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"LessTabs" = LessTabs

"MAGIX_MSI_Fotos_auf_CD_DVD_9_dlx" = MAGIX PhotoStory on CD & DVD 9 deluxe Download Version

"MAGIX_MSI_Xara_Designer_Pro_7" = Xara Designer Pro 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005

"Photodex Presenter" = Photodex Presenter

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"Picture Cutout Guide Lite_is1" = Picture Cutout Guide Lite 2.0.2

"ProShow Producer" = ProShow Producer

"SpeedFan" = SpeedFan (remove only)

"Ten Thumbs_is1" = Ten Thumbs 4.7

"The Ultimate Troubleshooter" = The Ultimate Troubleshooter

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"TurboTax 2012" = TurboTax 2012

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite" = Windows Live Essentials

"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"MyFreeCodec" = MyFreeCodec

"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/14/2013 11:31:32 AM | Computer Name = claire-PC | Source = Application Error | ID = 1000

Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,

time stamp: 0x5191e7aa Faulting module name: LessTabsClientIE.dll, version: 1.7.0.0,

time stamp: 0x515e7eeb Exception code: 0xc0000005 Fault offset: 0x000062c0 Faulting

process id: 0x328 Faulting application start time: 0x01ce69143bd6f7b8 Faulting application

path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:

C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll Report Id: 7ceabe1e-d507-11e2-b3d5-6cf049054eec

Error - 6/14/2013 11:31:35 AM | Computer Name = claire-PC | Source = Application Error | ID = 1000

Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,

time stamp: 0x5191e7aa Faulting module name: LessTabsClientIE.dll, version: 1.7.0.0,

time stamp: 0x515e7eeb Exception code: 0xc0000005 Fault offset: 0x000062c0 Faulting

process id: 0x9cc Faulting application start time: 0x01ce691440c6f64a Faulting application

path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:

C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll Report Id: 7ed51996-d507-11e2-b3d5-6cf049054eec

Error - 6/14/2013 11:31:50 AM | Computer Name = claire-PC | Source = Application Error | ID = 1000

Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,

time stamp: 0x5191e7aa Faulting module name: LessTabsClientIE.dll, version: 1.7.0.0,

time stamp: 0x515e7eeb Exception code: 0xc0000005 Fault offset: 0x000062c0 Faulting

process id: 0x254 Faulting application start time: 0x01ce691442358a35 Faulting application

path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:

C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll Report Id: 881def61-d507-11e2-b3d5-6cf049054eec

Error - 6/14/2013 11:31:54 AM | Computer Name = claire-PC | Source = Application Error | ID = 1000

Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,

time stamp: 0x5191e7aa Faulting module name: LessTabsClientIE.dll, version: 1.7.0.0,

time stamp: 0x515e7eeb Exception code: 0xc0000005 Fault offset: 0x000062c0 Faulting

process id: 0x1b18 Faulting application start time: 0x01ce69144c02e1e8 Faulting application

path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:

C:\Program Files (x86)\LessTabs\IE32\LessTabsClientIE.dll Report Id: 89f6d611-d507-11e2-b3d5-6cf049054eec

< End of report >

Share this post


Link to post
Share on other sites

What browsers are affected??

MrC

Share this post


Link to post
Share on other sites

I am only using internet explorer 10 and it randomelly pops up when opning up different links like this forum etc it is a 2in square video

Share this post


Link to post
Share on other sites

Uninstall LessTabs from your add/remove programs.

Then delete your copy of AdwCleaner and download and run a fresh copy...use the "Delete" option.

Let me know....MrC

Share this post


Link to post
Share on other sites

here it is

AdwCleaner v2.303 - Logfile created 06/14/2013 at 11:46:17

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : claire - CLAIRE-PC

# Boot Mode : Normal

# Running from : C:\Users\claire\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\claire\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8331 octets] - [13/06/2013 21:46:23]

AdwCleaner[R2].txt - [8170 octets] - [13/06/2013 22:17:37]

AdwCleaner[R3].txt - [852 octets] - [14/06/2013 11:46:17]

AdwCleaner[s1].txt - [7935 octets] - [13/06/2013 22:17:53]

########## EOF - C:\AdwCleaner[R3].txt - [971 octets] ##########

Share this post


Link to post
Share on other sites

Were you able to uninstall Less Tabs and is there any difference? MrC

Share this post


Link to post
Share on other sites

I also noticed that when I used craigs list adds were showing up all threw the listing and no block in corner but a banner add at bottom now they are gone

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.