Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: lavasoft adware blekko search engine


(!)

isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
22-Oct-2012, 08:26 PM #1
lavasoft adware blekko search engine
I cannot remove lavasoft adware and blekko search engine from my laptop. Tried everything. going to registry, my computer,manage search engines and even deleted all unwanted search engines from my hard-drive.and nothing.
I need help.
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 534 posts.
 
Join Date: Jan 2009
Location: Devon, UK
23-Oct-2012, 03:25 AM #2
Hello isasooner and welcome to TSG.

My name is Satchfan and I would be glad to help you with your computer problem.




Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


===================================================

Download and run AdwCleaner




Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply
===================================================




Download and run OTL
  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.
===================================================




Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply.Note - do NOT attempt any Fix yet.
Logs to include with next post:

AdwCleaner log
OTL.txt
Extras.txt
aswMBR log

Thanks

Satchfan
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
23-Oct-2012, 05:55 PM #3
lavasoft adware blekko search engine
# AdwCleaner v2.005 - Logfile created 10/23/2012 at 17:11:17
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Idris - ISASOONER
# Boot Mode : Normal
# Running from : C:\Users\Idris\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Idris\AppData\Roaming\DefaultTab
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\addon@defaulttab.com.xpi
File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\se archplugins\my-web-search.xml
File Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\se archplugins\search-here.xml
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Folder Deleted : C:\Users\Idris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Idris\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\wecarereminder@bryan

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebk mbilgmlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfkcangbigakljkjeglcofao mihpejif
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Defaul tTab
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Defaul tTab Chrome
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search TheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\pr efs.js

C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\us er.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 9);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "2B1774DE9070D776E3E1F8D8CA116C48");
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "56bf00b80000000000009cb70dc61088");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15622");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=114336&tt=031012[...]
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "18");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 9);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.717:54:10");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "15.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 88387859);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "bbcln");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.717:54:10");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "56bf00b8000000000000e840f26ee24e");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "56bf00b8000000000000e840f26ee24e");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15445");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.717:54:10");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.babylon.com/?babsrc=KW_def&AF=17284&q=[...]
Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Idris\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E150840B7333", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]
Deleted [l.62] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.65] : keyword = "search.conduit.com",
Deleted [l.68] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149",
Deleted [l.2263] : urls_to_restore_on_startup = [ "hxxp://www.msn.com/", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E150840B7333", "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867", "hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=48" ]

*************************

AdwCleaner[S1].txt - [21381 octets] - [23/10/2012 17:11:17]

########## EOF - C:\AdwCleaner[S1].txt - [21442 octets] ##########
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
23-Oct-2012, 05:56 PM #4
lavasoft adware blekko search engine
OTL logfile created on: 10/23/2012 5:25:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Idris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 69.89% Memory free
8.98 Gb Paging File | 7.82 Gb Available in Paging File | 87.16% Paging File free
Paging file location(s): c:\pagefile.sys 5500 8500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.88 Gb Total Space | 236.50 Gb Free Space | 83.90% Space Free | Partition Type: NTFS

Computer Name: ISASOONER | User Name: Idris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 17:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Idris\Downloads\OTL.exe
PRC - [2012/10/20 17:39:55 | 000,107,520 | ---- | M] () -- C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2010/11/29 15:54:58 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/29 15:54:58 | 002,402,696 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS.exe
MOD - [2010/11/29 15:54:54 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Scan\KSS_WMI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/10 00:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/08 00:54:56 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/17 17:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 17:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/20 17:39:55 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/10/14 20:01:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 17:10:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/22 08:38:06 | 000,628,624 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/07/11 20:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/23 18:12:40 | 000,133,640 | ---- | M] () [Disabled | Stopped] -- c:\UBIOS\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/05 12:45:36 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011/06/08 01:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/08 00:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/23 20:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 22:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 22:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/29 19:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm044YYus&ptnrS=XPxdm044YYus&si=CI6ruuum4K8CFQkFnQodM2cb _A&ptb=0A0BAC9F-FAD7-4DC9-BDB9-72E03A2050F1&psa=&ind=2012050120&st=sb&n=77ed72c8&searchfor={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{6743C0EC-A765-45D2-896D-DD10C68A4FFD}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer: source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=S1122&geo=US&ver=6
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E150843 41867&q={searchTerms}
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20121042,6859,0,62,0"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867"
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.2
FF - prefs.js..extensions.enabledAddons: wecarereminder@bryan:4.1.15.22
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid= 2722&Vendorid=3852&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402 E0A9&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Idris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Idris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 21:58:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee .com: C:\Program Files\McAfee\MSK

[2012/04/13 18:23:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idris\AppData\Roaming\Mozilla\Extensions
[2012/10/23 17:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions
[2012/10/21 10:15:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/10/21 10:13:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/09/09 09:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\ADDON@DEFAULTTAB.COM.XPI
File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\WECAREREMINDER@BRYAN
[2012/10/14 20:01:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/21 13:44:26 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/08/29 10:36:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/03 09:49:53 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/14 20:01:59 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperF lash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogl eNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Idris\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000..\Run: [Speech Recognition] C:\windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412D3727-274D-4DC1-B8EF-4D06A73288A7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1e1ceb5e-6dc2-11e1-8862-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1e1ceb5e-6dc2-11e1-8862-806e6f6e6963}\Shell\AutoRun\command - "" = D:\install.EXE id= ver=1.0.0.0
O33 - MountPoints2\{f620bbdf-7f79-11e1-b565-e840f26ee24e}\Shell - "" = AutoRun
O33 - MountPoints2\{f620bbdf-7f79-11e1-b565-e840f26ee24e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


***CREATERESTOREPOINT***
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 22:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/10/22 22:13:19 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\CRE
[2012/10/22 21:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/22 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/10/22 20:38:52 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\WinZip
[2012/10/22 20:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/10/22 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Scan
[2012/10/22 20:36:33 | 000,019,344 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\SysNative\roboot64.exe
[2012/10/22 20:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip System Utilities Suite
[2012/10/22 20:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip System Utilities Suite
[2012/10/21 16:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/10/21 15:22:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/21 15:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/21 15:14:17 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{E3C75C48-3941-4419-9C5B-4244C33261A0}
[2012/10/21 10:50:37 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\LavasoftStatistics
[2012/10/21 10:14:10 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\Downloaded Installations
[2012/10/21 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\Ad-Aware Antivirus
[2012/10/20 20:05:36 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{483AA1B8-E94E-4CE6-9D20-961CA22C3640}
[2012/10/20 17:39:55 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\DefaultTab
[2012/10/11 15:56:24 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{D93733F2-DD7A-4D20-AB39-46B4057599D6}
[2012/10/10 22:30:16 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{9E19B52D-6091-43A9-BAB7-4E7D8144DA38}
[2012/10/10 05:40:53 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/10/10 05:40:52 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/10/10 05:40:52 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/10/10 05:40:40 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2012/10/10 05:40:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2012/10/10 05:40:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2012/10/10 05:40:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2012/10/10 05:40:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2012/10/10 05:40:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2012/10/10 05:40:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2012/10/10 05:40:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2012/10/10 05:40:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2012/10/10 05:40:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2012/10/10 05:40:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2012/10/10 05:40:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2012/10/10 05:40:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 05:40:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 05:40:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 05:40:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 05:40:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 05:40:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 05:40:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 05:40:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 05:40:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 05:40:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 05:40:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2012/10/10 05:40:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/10/10 05:39:40 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/10/10 05:39:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/10/09 17:38:59 | 000,145,408 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\hpfll70v.dll
[2012/10/09 17:37:07 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hpzids40.dll
[2012/10/09 17:37:07 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\windows\SysNative\hppldcoi.dll
[2012/10/05 07:26:16 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2012/10/04 18:38:02 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{BAFE6A3C-69D1-4D7E-86B9-07B85B221AF9}
[2012/10/03 22:52:56 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{0A0D1650-1C29-46DE-AE10-50678F93F366}
[2012/10/03 06:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/10/02 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{F5020D98-8397-40DE-BD20-4238B046EB12}
[2012/10/02 18:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeChat
[2012/10/02 18:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Headset
[2012/10/02 17:20:31 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/10/02 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\Malwarebytes
[2012/10/02 12:12:21 | 000,000,000 | ---D | C] -- C:\Toshiba
[2012/10/02 11:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/01 21:35:12 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\InstallShield
[2012/10/01 20:40:07 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe
[2012/10/01 18:07:45 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Roaming\AVG
[2012/10/01 18:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/10/01 18:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/10/01 17:36:20 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\LogMeIn Rescue Applet
[2012/10/01 17:21:23 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\WLDI
[2012/10/01 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\Idris\AppData\Local\{ADD48B29-9002-4876-92F9-B32437067C38}
[2012/10/01 17:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeChat
[2012/09/24 16:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

========== Files - Modified Within 30 Days ==========

[2012/10/23 17:22:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 17:22:01 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 17:15:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/23 17:14:49 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/10/23 17:14:48 | 000,000,510 | ---- | M] () -- C:\windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2012/10/23 17:14:48 | 000,000,472 | ---- | M] () -- C:\windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job
[2012/10/23 17:14:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/23 17:14:32 | 2904,666,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 17:10:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/23 16:48:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 16:48:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
[2012/10/23 16:48:01 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
[2012/10/23 07:14:12 | 000,001,277 | ---- | M] () -- C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/10/22 22:13:36 | 000,000,009 | ---- | M] () -- C:\END
[2012/10/22 21:58:31 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/22 20:36:43 | 000,001,812 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
[2012/10/22 20:36:43 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
[2012/10/22 20:36:29 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\WinZip System Utilities Suite - Smart Scan.lnk
[2012/10/22 20:36:29 | 000,002,305 | ---- | M] () -- C:\Users\Idris\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk
[2012/10/22 18:46:29 | 000,778,866 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/22 18:46:29 | 000,660,332 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/22 18:46:29 | 000,121,228 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/21 15:22:35 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/10/20 16:20:27 | 000,066,416 | ---- | M] () -- C:\Users\Idris\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
[2012/10/10 21:01:39 | 000,002,500 | ---- | M] () -- C:\Users\Idris\Desktop\Google Chrome.lnk
[2012/10/09 20:11:33 | 000,117,229 | ---- | M] () -- C:\Users\Idris\Documents\Untitled (4).wma
[2012/10/09 17:56:13 | 000,000,286 | ---- | M] () -- C:\windows\reimage.ini
[2012/10/09 17:45:35 | 000,136,568 | ---- | M] () -- C:\windows\hphins33.dat
[2012/10/09 17:10:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 17:10:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/02 11:52:25 | 000,008,039 | ---- | M] () -- C:\Users\Idris\Documents\bookmark.htm
[2012/10/01 16:22:23 | 000,103,759 | ---- | M] () -- C:\Users\Idris\Documents\Untitled (3).wma
[2012/09/26 01:11:04 | 001,476,738 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1401010.002\Cat.DB
[2012/09/25 15:42:05 | 000,008,888 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1401010.002\VT20120921.034

========== Files Created - No Company Name ==========

[2012/10/22 22:13:34 | 000,000,009 | ---- | C] () -- C:\END
[2012/10/22 21:58:31 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/22 20:36:52 | 000,000,510 | ---- | C] () -- C:\windows\tasks\WINZIPSS-WINZIPSSAutoCheckUpdate7Days.job
[2012/10/22 20:36:51 | 000,000,472 | ---- | C] () -- C:\windows\tasks\WINZIPSS-WINZIPSSOneClickCare.job
[2012/10/22 20:36:43 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
[2012/10/22 20:36:43 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
[2012/10/22 20:36:29 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\WinZip System Utilities Suite - Smart Scan.lnk
[2012/10/22 20:36:29 | 000,002,305 | ---- | C] () -- C:\Users\Idris\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip System Utilities Suite.lnk
[2012/10/21 15:22:35 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/10/21 15:22:21 | 000,002,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/20 16:20:27 | 000,066,416 | ---- | C] () -- C:\Users\Idris\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
[2012/10/09 20:11:33 | 000,117,229 | ---- | C] () -- C:\Users\Idris\Documents\Untitled (4).wma
[2012/10/09 17:55:58 | 000,000,286 | ---- | C] () -- C:\windows\reimage.ini
[2012/10/09 17:37:21 | 000,136,568 | ---- | C] () -- C:\windows\hphins33.dat
[2012/10/09 17:37:21 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2012/10/08 08:53:54 | 000,001,277 | ---- | C] () -- C:\Users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/10/02 11:52:25 | 000,008,039 | ---- | C] () -- C:\Users\Idris\Documents\bookmark.htm
[2012/10/01 20:17:01 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
[2012/10/01 16:22:23 | 000,103,759 | ---- | C] () -- C:\Users\Idris\Documents\Untitled (3).wma
[2012/07/04 06:53:07 | 000,772,714 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/23 11:40:19 | 000,135,200 | ---- | C] () -- C:\windows\hpoins37.dat
[2012/06/23 11:40:19 | 000,000,558 | ---- | C] () -- C:\windows\hpomdl37.dat
[2012/03/14 07:02:36 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/03/14 06:57:55 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/03/14 06:56:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/03/14 06:53:56 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/02/03 22:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< **%SYSTEMDRIVE%\*.exe** >

< MD5 for: AMD64_MICROSOFT-WINDOWS-S..ONTROLLER.RESOURCES_31BF3856AD364E35_6.1.7600.16385_EN-US_C5F238BE3FA63468_SERVICES.EXE.MUI_86EA5E71 >
[2010/11/21 03:06:45 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468_services.exe.mui_86ea5e71

< MD5 for: AMD64_MICROSOFT-WINDOWS-S..S-SERVICECONTROLLER_31BF3856AD364E35_6.1.7600.16385_NONE_2B54B20EE6FA07B1_SER VICES.EXE_ABFC33DA >
[2009/07/13 22:58:23 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1_ser vices.exe_abfc33da

< MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON.RESOURCES_31BF3856AD364E35_6.1.7601.17514_EN-US_291E96FA1AB5FC7B_WINLOGON.EXE.MUI_3280FC46 >
[2010/11/21 03:06:45 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b_winlogon.exe.mui_3280fc46

< MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.1.7601.17514_NONE_CDE90685EB910636_WINLOGON.EXE _AC37D0C5 >
[2010/11/20 23:27:05 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636_winlogon.exe _ac37d0c5

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2010/11/21 03:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2010/11/21 03:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2012/10/23 17:22:38 | 000,028,526 | ---- | M] () MD5=EE809EC411DEA85AAC6EC98FF3607577 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 03:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SMSVCHOST.EXE >
[2009/06/10 16:30:46 | 000,116,560 | ---- | M] (Microsoft Corporation) MD5=3E5A36127E201DDF663176B66828FAFE -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
[2009/06/10 16:30:46 | 000,116,560 | ---- | M] (Microsoft Corporation) MD5=3E5A36127E201DDF663176B66828FAFE -- C:\Windows\winsxs\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.1.7600.16385_none_c7f13af70ac77b22\SMSvcHost.e xe
[2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) MD5=D22CD77D4F0D63D1169BB35911BFF12D -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
[2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) MD5=D22CD77D4F0D63D1169BB35911BFF12D -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
[2010/11/20 23:24:53 | 000,128,848 | ---- | M] () MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost. exe
[2010/11/20 23:24:53 | 000,128,848 | ---- | M] (Microsoft Corporation) MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[2010/11/20 23:24:53 | 000,128,848 | ---- | M] (Microsoft Corporation) MD5=F476EC40033CDB91EFBE73EB99B8362D -- C:\Windows\winsxs\msil_smsvchost_b03f5f7f11d50a3a_6.1.7601.17514_none_e6b62 2bd1115139e\SMSvcHost.exe

< MD5 for: SMSVCHOST.EXE.CONFIG >
[2009/07/14 01:32:32 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
[2009/07/14 01:32:32 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
[2009/06/10 16:30:46 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\winsxs\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_50a8efa432beeea2\S MSvcHost.exe.config
[2009/06/10 17:14:05 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\winsxs\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.1.7600.16385_none_f48a54207a617d6c\S MSvcHost.exe.config
[2010/03/18 00:10:40 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config
[2010/03/18 00:10:40 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/03/01 04:10:51 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=635455A95EB8EC47AC72142E501465ED -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_14271b75353e4391\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\windows\SysNative\svchost.exe
[2011/03/01 04:07:49 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=6F68F63794097E54F36474ED4384B759 -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_13af509c1c123937\svchost.exe
[2011/03/01 04:07:49 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=A91A288C91F9D9F1CFA4FAA9893C4D55 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.21671_none_b8087ff17ce0d25b\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\SysWOW64\svchost.exe
[2011/03/01 04:05:31 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=ECDB182F885292145826C58252B53000 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.17568_none_b790b51863b4c801\svchost.exe

< MD5 for: SVCHOST.EXE.MUI >
[2010/11/21 03:06:19 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\windows\SysNative\en-US\svchost.exe.mui
[2010/11/21 03:06:19 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=712EBAA6DD6DBA7DDEE0A3D03C98E6D1 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
[2010/11/21 03:06:14 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\SysWOW64\en-US\svchost.exe.mui
[2010/11/21 03:06:14 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=FBC18BEE67E9179F02E7894EB548F18D -- C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui

< MD5 for: SVCHOST.EXE-1C37F0CA.PF >
[2012/10/23 12:00:10 | 000,017,092 | ---- | M] () MD5=214344520FA791DE1397B6BF06919C2E -- C:\Windows\Prefetch\SVCHOST.EXE-1C37F0CA.pf

< MD5 for: SVCHOST.EXE-64A5EADA.PF >
[2012/10/23 17:20:07 | 000,016,980 | ---- | M] () MD5=A83DF09BAF5F7F815F8F1AFB270ABFE2 -- C:\Windows\Prefetch\SVCHOST.EXE-64A5EADA.pf

< MD5 for: SVCHOST.EXE-8049FA24.PF >
[2012/10/23 17:26:54 | 000,010,912 | ---- | M] () MD5=DC1893D172505C65A13711AF7BAE1E87 -- C:\Windows\Prefetch\SVCHOST.EXE-8049FA24.pf

< MD5 for: SVCHOST.EXE-8F6A8F43.PF >
[2012/10/23 17:26:58 | 000,018,252 | ---- | M] () MD5=6B46C2BC325CF67421122987BBFFB06B -- C:\Windows\Prefetch\SVCHOST.EXE-8F6A8F43.pf

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: USERINIT.EXE.MUI >
[2010/11/21 03:06:20 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\windows\SysNative\en-US\userinit.exe.mui
[2010/11/21 03:06:20 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=87AE19DA46FE7D5E293937DD36FF1889 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ebe597d2ec03996d\userinit.exe.mui
[2010/11/21 03:06:15 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
[2010/11/21 03:06:15 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=EA67C653ECFED02D7DBFB889A908CAA9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8fc6fc4f33a62837\userinit.exe.mui

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\windows\SysNative\en-US\winlogon.exe.mui
[2010/11/21 03:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

< MD5 for: WINZIPSSDISKEXPLORER.EXE >
[2012/03/22 08:38:10 | 001,174,416 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) MD5=388CE652E66BC0789851734A4D15C85A -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDiskExplorer.exe

< ***%systemroot%\*. /rp /s*** >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543232A7A384 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 1.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 282.00GB
Starting Offset: 1573912576
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 304240132096
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
23-Oct-2012, 06:02 PM #5
lavasoft adware blekko search engine
OTL Extras logfile created on: 10/22/2012 6:59:38 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Idris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.61 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 65.24% Memory free
8.98 Gb Paging File | 7.58 Gb Available in Paging File | 84.46% Paging File free
Paging file location(s): c:\pagefile.sys 5500 8500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.88 Gb Total Space | 236.47 Gb Free Space | 83.89% Space Free | Partition Type: NTFS
Drive D: | 6.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ISASOONER | User Name: Idris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{078BA78D-11B2-4530-9BBB-4CAC13135691}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23165505-B5BB-472C-B127-4B9B7560C379}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F82C531-4986-406E-97BC-C51A8BB4B1DB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{67DBF1CE-1C41-44EA-B3CC-E288A53D56A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69761E04-5AFB-4EE4-8AEC-AF1C022EDC2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B53A9D8-7AB1-4677-AB0B-6FCD396738F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{8DBDFA8C-48BC-44D6-8CA8-0D89B6991EB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{958A9DCF-A0DC-4D08-BA2F-80937B25B19C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9D6CCF67-C6C7-44D6-92F6-168179DB7870}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DACA927-7DD5-4701-8A80-98FCBFA0A887}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F297F33-44AE-40A6-B1DB-8F9D74B5D1F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{A614AE66-9A5E-44A3-85A1-E5C6CF65C4E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA293C63-0388-4A41-92AD-3446B841E417}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4AFA07A-CA30-4EFA-98B7-36751D14D092}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C8E22EB9-1492-4958-ACCA-B52028BAB1D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE6358AF-C4F4-44F6-B861-FD12F664E2B4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D5F16942-1290-4FC0-8245-00BE30504029}" = lport=138 | protocol=17 | dir=in | app=system |
"{DAB3AF3A-0ED2-4020-B517-88BE4A16DCC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC10A687-F2EE-42C1-8326-1C48D75561DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{DD03D1E5-E494-4D64-8A7D-3B084434F06D}" = lport=445 | protocol=6 | dir=in | app=system |
"{E53F50FD-5CAF-498F-B304-12F0191B4DD3}" = rport=139 | protocol=6 | dir=out | app=system |
"{EA5AAEDD-7A8E-4D68-9D92-4AFC3E47112D}" = lport=139 | protocol=6 | dir=in | app=system |
"{F24A55FB-3D52-471C-9B65-6F9A071B4F9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F45B0D5B-6A5D-4300-9424-9CA4062C710D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F5A3C46A-08AA-4382-99F1-431005A8F5C0}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{0E7DEFF6-9421-4E2D-AE1B-5D13C54E4FDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{12CF42BE-F779-401F-A787-5D6342BF2D23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1626DE2F-3165-4A69-86E9-164B09414EA1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D407A77-25AC-4938-AD9A-6BF3F68DF364}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{205A1C76-A425-4476-8353-E45D4B1BCD13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24C6FDFC-BE03-4435-BBE4-27EEFA2B7282}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2E2C7555-EA94-4FC3-9E11-DDA4B0BCE473}" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\temp\7zs18ae.tmp\symnrt.exe |
"{35E67A5C-F200-4FB3-996E-295147EDC24F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{390C5558-4D70-47BA-B90E-D06249517EEE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AC431C5-DF76-4FDA-9431-991987F15A3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{44FD842B-F5C5-45F5-9AC6-8AEA55AEC692}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4B0A7BC4-9260-4608-B9FF-8B1AF32625CE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{548C0174-2F45-4426-A7D0-230FBB48F45F}" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\temp\7zs18ae.tmp\symnrt.exe |
"{5F381420-E665-4BA6-9115-25366B970D7D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{602D0160-3D9B-45B8-8C9B-F7CA259AFA57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6536F6CE-108F-43CD-9473-4DEFE3AF4002}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{69B648D0-7AEA-4AE4-A249-20CF191DCC17}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{701AC330-6643-4498-BAFD-8EB4AFBBB33D}" = protocol=6 | dir=out | app=system |
"{732CF90F-3BB2-49C0-B4AF-5FEFAE39F15F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{805438AC-BDEF-4E71-B2FA-D1C0F200FB46}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{90DB61B8-A7DF-4F39-BC79-749AC0C6FD03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A210FB6D-EEB4-4FA9-BD4F-7F07030242F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A7B3C5E6-8B53-4D40-B91F-327A55FC80CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AD9A7D35-65D0-4C6D-9637-E24778DA94BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C14D7370-3530-43DB-BC13-892CFC6F2416}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5EAB78F-CE9A-43F8-84C0-4E19E26472A8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CC378879-7DA5-451A-9517-25F05435CD87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCB99B1F-3751-4D44-A226-484806309BA6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{D0CF8E56-D48B-44A5-90B4-0D133D0BCBDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D48DD8C4-0466-4A41-B62D-6D16AE89A7A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4BEE939-13A1-4796-919A-6A43765A44F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6CB9C3A-02C3-4C0B-A070-650DB983E9D7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DDDE5CD5-F77C-4DEB-9F7A-C3CDC01F7972}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FEBCA0A1-4BD8-400D-8AC7-52A1E3C623AD}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"TCP Query User{1D5A0EE1-44ED-4E6F-91D2-90855076C104}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{216D4591-0D74-480D-8A1D-216D9CC35ED4}C:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe |
"TCP Query User{77EA341F-8FB2-4444-92A2-68218BD92860}C:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"TCP Query User{A6EBD1A0-049C-4D46-BA2C-D0F85E2E0405}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
"TCP Query User{D02EBA32-2B0F-4DED-9B44-AE0284384521}C:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe |
"UDP Query User{067BF0CA-A802-4D77-AF93-4377A7F7CBFB}C:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe |
"UDP Query User{0E444F3A-B647-4FCA-8DBC-3C93710E70C0}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{20E8DDC0-9EB5-4D35-A1DB-C47F6BB03598}C:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe |
"UDP Query User{6E0C1A94-00B1-40D3-9B3C-37849BF3D838}C:\users\idris\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\akamai\netsession_win.exe |
"UDP Query User{E09FC524-A2F1-44C7-A6AA-B103ED807855}C:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\idris\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.SingleImage_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.SingleImage_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.SingleImage_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.SingleImage_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
"{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver 14.0 Rel. 5
"{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}" = Microsoft LifeChat
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy
"{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English
"{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish
"{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese
"{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding
"{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center
"{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai
"{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5575DD6-8112-45A6-8FFA-C7249C3D8E1F}" = ASPCA Reminder by We-Care.com v4.1.19.1
"{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Athan" = Athan Basic 4.2
"DefaultTab" = DefaultTab
"DefaultTab Chrome" = DefaultTab Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WindowsLiveDeviceIntegrator" = Windows Live Device Integrator
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Adobe Connect Add-in" = Adobe Connect Add-in
"AIM" = AIM for Windows
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/1/2012 8:32:32 PM | Computer Name = Isasooner | Source = RasClient | ID = 20227
Description =

Error - 10/1/2012 8:35:11 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2012 8:35:33 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
Description =

Error - 10/1/2012 9:08:47 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2012 9:10:33 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
Description =

Error - 10/1/2012 9:28:30 PM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

Error - 10/1/2012 9:28:40 PM | Computer Name = Isasooner | Source = Toshiba App Place | ID = 0
Description =

Error - 10/2/2012 10:47:42 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

Error - 10/2/2012 10:51:23 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

Error - 10/2/2012 11:21:03 AM | Computer Name = Isasooner | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/30/2012 7:40:15 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 7:40:15 AM - Error connecting to the internet. 7:40:15 AM - Unable
to contact server..

Error - 5/30/2012 7:40:24 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 7:40:20 AM - Error connecting to the internet. 7:40:20 AM - Unable
to contact server..

Error - 5/30/2012 8:40:28 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 8:40:28 AM - Error connecting to the internet. 8:40:28 AM - Unable
to contact server..

Error - 5/30/2012 8:40:36 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 8:40:34 AM - Error connecting to the internet. 8:40:34 AM - Unable
to contact server..

Error - 5/30/2012 9:40:41 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 9:40:41 AM - Error connecting to the internet. 9:40:41 AM - Unable
to contact server..

Error - 5/30/2012 9:40:48 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 9:40:46 AM - Error connecting to the internet. 9:40:46 AM - Unable
to contact server..

Error - 6/7/2012 7:26:09 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 7:26:00 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 400: The server cannot process the request because the syntax is not valid.
)


Error - 6/7/2012 8:26:21 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 8:26:17 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 400: The server cannot process the request because the syntax is not valid.
)


Error - 6/7/2012 9:26:32 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 9:26:29 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 400: The server cannot process the request because the syntax is not valid.
)


Error - 6/7/2012 10:26:43 AM | Computer Name = Isasooner | Source = MCUpdate | ID = 0
Description = 10:26:40 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 400: The server cannot process the request because the syntax is not valid.
)


[ System Events ]
Error - 10/21/2012 3:12:27 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/21/2012 4:14:48 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 10/21/2012 4:14:53 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/21/2012 4:28:18 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 10/21/2012 4:28:24 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/22/2012 4:06:35 PM | Computer Name = Isasooner | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:03:55 PM on ?10/?22/?2012 was unexpected.

Error - 10/22/2012 4:06:40 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 10/22/2012 4:06:42 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/22/2012 6:40:18 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7034
Description = The DefaultTabUpdate service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/22/2012 6:42:14 PM | Computer Name = Isasooner | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
23-Oct-2012, 06:05 PM #6
lavasoft adware blekko search engine
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 17:44:08
-----------------------------
17:44:08.542 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:08.542 Number of processors: 2 586 0x200
17:44:08.542 ComputerName: ISASOONER UserName: Idris
17:44:10.133 Initialize success
17:45:20.130 AVAST engine defs: 12102300
17:50:52.299 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt"
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 534 posts.
 
Join Date: Jan 2009
Location: Devon, UK
24-Oct-2012, 03:35 AM #7
Please can you send the complete aswMBR log.

If that is all there was, run it again and send the new log.

Thanks
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
24-Oct-2012, 09:41 AM #8
confirmation post aswMBR log.
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-24 09:18:11
-----------------------------
09:18:11.267 OS Version: Windows x64 6.1.7601 Service Pack 1
09:18:11.268 Number of processors: 2 586 0x200
09:18:11.270 ComputerName: ISASOONER UserName: Idris
09:18:12.610 Initialize success
09:18:33.978 AVAST engine defs: 12102300
09:18:39.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
09:18:39.354 Disk 0 Vendor: Hitachi_HTS543232A7A384 ES2OA70K Size: 305245MB BusType: 11
09:18:39.365 Disk 0 MBR read successfully
09:18:39.371 Disk 0 MBR scan
09:18:39.408 Disk 0 Windows VISTA default MBR code
09:18:39.430 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
09:18:39.506 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 288645 MB offset 3074048
09:18:39.606 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15099 MB offset 594219008
09:18:39.783 Disk 0 scanning C:\windows\system32\drivers
09:19:04.138 Service scanning
09:20:02.273 Modules scanning
09:20:02.289 Disk 0 trace - called modules:
09:20:02.320 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:20:02.335 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c12060]
09:20:02.351 3 CLASSPNP.SYS[fffff880018c043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80046c1060]
09:20:03.646 AVAST engine scan C:\windows
09:20:08.856 AVAST engine scan C:\windows\system32
09:28:01.241 AVAST engine scan C:\windows\system32\drivers
09:28:28.104 AVAST engine scan C:\Users\Idris
09:35:16.154 Disk 0 MBR has been saved successfully to "C:\Users\Idris\Downloads\MBR.dat"
09:35:16.169 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt2.txt"
09:37:15.078 AVAST engine scan C:\ProgramData
09:38:24.507 Scan finished successfully
09:39:44.707 Disk 0 MBR has been saved successfully to "C:\Users\Idris\Downloads\MBR.dat"
09:39:44.723 The log file has been saved successfully to "C:\Users\Idris\Downloads\aswMBR.txt3.txt"
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 534 posts.
 
Join Date: Jan 2009
Location: Devon, UK
24-Oct-2012, 05:53 PM #9
There is still a lot of bad stuff on there even though a lot has been dealt with so we still have a bit of work to do.


Run OTL
  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
 
:Services
 
:OTL
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm044YYus&ptnrS=XPxdm044YYus&si=CI6ruuum4K8CFQkFnQodM2cb _A&ptb=0A0BAC9F-FAD7-4DC9-BDB9-72E03A2050F1&psa=&ind=2012050120&st=sb&n=77ed72c8&searchfor={searchTerms}
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=S1122&geo=US&ver=6
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}: "URL" = http://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
IE - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E150843 41867&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867"
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.2
FF - prefs.js..extensions.enabledAddons: wecarereminder@bryan:4.1.15.22
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid= 2722&Vendorid=3852&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402 E0A9&q="
FF - user.js - File not found
[2012/10/21 10:13:43 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/09/09 09:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\{C9B68337-E93A-44EA-94DC-CB300EC06444}
File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\ADDON@DEFAULTTAB.COM.XPI
File not found (No name found) -- C:\USERS\IDRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AAZ6112F.DEFAULT\EX TENSIONS\WECAREREMINDER@BRYAN
[2012/10/21 13:44:26 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
CHR - default_search_provider: Conduit (Enabled)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Idris\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3987105026-2523861380-3924649800-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
:Commands
[purity]
[emptytemp]
[Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
=====================================================

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It MUST be saved directly to your desktop. Choose save as and then make sure you choose Desktop

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------


Double click on ComboFix.exe & follow the prompts.
  • when finished, it will produce a report for you.
  • please post the C:\ComboFix.txt for further review.
Logs to include in the next post:

OTL fix log
ComboFix.txt

Satchfan
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
24-Oct-2012, 08:55 PM #10
No program access
The combo fix rebooted my laptop but upon restart, I cant open or access any program or browser on my laptop, so I cant re post. Need more instructions and fast. I attend school on my laptop.
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
24-Oct-2012, 09:23 PM #11
Something went wrong.
I guess something went wrong because after the combo fix rebooted my computer I couldn't access any program on my computer. I was told they were all marked for deletion so I had to restart my computer because I have a class tonight. Do i need to re-do the whole combo fix process over again? Also for some reason I cannot locate my optical drive on my laptop. It disappeared and I cannot watch movies on my windows media player. does this process have anything to do with that?
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
24-Oct-2012, 10:46 PM #12
New OTL
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF006ECD-C343-4ED5-932C-0D2A120861F3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF006ECD-C343-4ED5-932C-0D2A120861F3}\ not found.
Registry key HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1CF7D1B-C719-49A2-B7C0-544A7DBD37CF}\ not found.
Prefs.js: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867" removed from browser.startup.homepage
Prefs.js: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0 removed from extensions.enabledAddons
Prefs.js: addon@defaulttab.com:1.4.2 removed from extensions.enabledAddons
Prefs.js: wecarereminder@bryan:4.1.15.22 removed from extensions.enabledAddons
Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 removed from extensions.enabledAddons
Prefs.js: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={C13E0375-04DC-4629-A9DE-02BC5F26BB3C}&Version=3.6.5&Vintage=20121042&Defaultbrowserid=62&Productid= 2722&Vendorid=3852&Offerid=6894&searchterm=" removed from extensions.netassistant.keyword.url
Prefs.js: "http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=8C21AF89554D5ADF1847E1508402 E0A9&q=" removed from keyword.URL
Folder C:\Users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml not found.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3987105026-2523861380-3924649800-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Idris
->Temp folder emptied: 444792 bytes
->Temporary Internet Files folder emptied: 72041 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 31233510 bytes
->Google Chrome cache emptied: 23843955 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4110 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10242012_220710

Files\Folders moved on Reboot...
C:\Users\Idris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Idris\AppData\Local\Temp\~DF00723636C67A489B.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DF15E364971FB082A5.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DF57937BB40C2087ED.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DF6CDC20EAED9D98F0.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DFB1BCC8CDCC8335FF.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DFC32D882D8F319AF5.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DFEC5A4F8665A886BD.TMP not found!
File\Folder C:\Users\Idris\AppData\Local\Temp\~DFF5C61FBE33CC7C6A.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
24-Oct-2012, 10:48 PM #13
Combofix
ComboFix 12-10-24.02 - Idris 10/24/2012 22:28:51.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3693.2573 [GMT -4:00]
Running from: c:\users\Idris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-25 01:41 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D355A0DB-CD28-4178-B4DF-DB42E36E85B4}\mpengine.dll
2012-10-24 23:17 . 2012-10-24 23:17 -------- d-----w- C:\_OTL
2012-10-23 16:29 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-23 02:13 . 2012-10-23 02:13 -------- d-----w- c:\users\Idris\AppData\Local\CRE
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-23 01:57 . 2012-10-24 23:13 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-23 00:38 . 2012-10-25 01:08 -------- d-----w- c:\users\Idris\AppData\Roaming\WinZip
2012-10-21 20:27 . 2012-10-21 20:27 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-21 19:25 . 2012-10-21 19:24 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871B5673-2EB6-428E-8B47-EFE2BD083C40}\gapaengine.dll
2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-21 14:50 . 2012-10-21 14:50 -------- d-----w- c:\users\Idris\AppData\Roaming\LavasoftStatistics
2012-10-21 14:14 . 2012-10-21 14:14 -------- d-----w- c:\users\Idris\AppData\Local\Downloaded Installations
2012-10-21 14:08 . 2012-10-21 19:10 -------- d-----w- c:\users\Idris\AppData\Roaming\Ad-Aware Antivirus
2012-10-20 21:39 . 2012-10-24 23:41 -------- d-----w- c:\users\Idris\AppData\Roaming\DefaultTab
2012-10-15 00:02 . 2012-10-15 00:02 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-15 00:02 . 2012-10-15 00:02 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-10 09:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 21:44 . 2009-04-16 18:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2012-10-09 21:38 . 2009-04-16 18:08 145408 ----a-w- c:\windows\system32\hpfll70v.dll
2012-10-09 21:37 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-10-09 21:37 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-10-05 11:26 . 2012-10-05 11:26 -------- d-----w- C:\N360_BACKUP
2012-10-03 10:14 . 2012-10-21 14:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 09:50 . 2012-04-07 11:10 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 21:10 . 2012-04-13 23:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 21:10 . 2011-11-02 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 15:18 . 2012-09-01 15:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 15:18 . 2012-07-20 11:59 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-01 15:18 . 2011-11-02 12:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 05:49 . 2012-09-18 13:17 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53B6CFDD-5688-4055-9DAB-18FD12AADC34}\mpengine.dll
2012-08-24 11:15 . 2012-09-22 07:06 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:06 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:06 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:06 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:06 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:06 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:06 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 01:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 01:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 01:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 01:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 01:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 01:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
.
c:\users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Idris\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-05 1675840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 TDEIO;TDEIO; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
R4 GFNEXSrv;GFNEX Service;c:\ubios\GFNEXSrv.exe [2010-04-23 133640]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:10]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
- c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
- c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867
FF - ExtSQL: 2012-10-21 10:13; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-24 22:40:50
ComboFix-quarantined-files.txt 2012-10-25 02:40
ComboFix2.txt 2012-10-24 23:50
.
Pre-Run: 255,404,634,112 bytes free
Post-Run: 254,967,721,984 bytes free
.
- - End Of File - - 10B779FD5C78CC048AAFBA9D322C7B17
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 534 posts.
 
Join Date: Jan 2009
Location: Devon, UK
25-Oct-2012, 12:11 PM #14
I'm afraid immediate replies are not going to happen. We are volunteers with jobs and families plus we are in different time zones. I do, however, reply as quickly as I can and appreciate that you are keen to get this sorted out.

The ComboFix log you sent me was the second run. Please send the first one. ComboFix logs are located at c:\combofix.txt, older logs are at c:\qoobox\combofix2.txt, c:\qoobox\ComboFix3.txt etc
isasooner's Avatar
isasooner isasooner is offline
Computer Specs
Member with 111 posts.
THREAD STARTER
 
Join Date: Oct 2012
Experience: Intermediate
25-Oct-2012, 08:54 PM #15
Combofix
ComboFix 12-10-24.02 - Idris 10/24/2012 22:28:51.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3693.2573 [GMT -4:00]
Running from: c:\users\Idris\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 02:36 . 2012-10-25 02:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-25 01:41 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D355A0DB-CD28-4178-B4DF-DB42E36E85B4}\mpengine.dll
2012-10-24 23:17 . 2012-10-24 23:17 -------- d-----w- C:\_OTL
2012-10-23 16:29 . 2012-10-12 04:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-23 02:13 . 2012-10-23 02:13 -------- d-----w- c:\users\Idris\AppData\Local\CRE
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-10-23 01:58 . 2012-10-23 01:58 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-10-23 01:57 . 2012-10-24 23:13 -------- d-----w- c:\program files (x86)\QuickTime
2012-10-23 00:38 . 2012-10-25 01:08 -------- d-----w- c:\users\Idris\AppData\Roaming\WinZip
2012-10-21 20:27 . 2012-10-21 20:27 -------- d-----w- c:\program files (x86)\Microsoft
2012-10-21 19:25 . 2012-10-21 19:24 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{871B5673-2EB6-428E-8B47-EFE2BD083C40}\gapaengine.dll
2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-10-21 19:22 . 2012-10-21 19:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-21 14:50 . 2012-10-21 14:50 -------- d-----w- c:\users\Idris\AppData\Roaming\LavasoftStatistics
2012-10-21 14:14 . 2012-10-21 14:14 -------- d-----w- c:\users\Idris\AppData\Local\Downloaded Installations
2012-10-21 14:08 . 2012-10-21 19:10 -------- d-----w- c:\users\Idris\AppData\Roaming\Ad-Aware Antivirus
2012-10-20 21:39 . 2012-10-24 23:41 -------- d-----w- c:\users\Idris\AppData\Roaming\DefaultTab
2012-10-15 00:02 . 2012-10-15 00:02 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-15 00:02 . 2012-10-15 00:02 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-10 09:39 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 09:39 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 09:39 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 09:39 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 09:39 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 09:39 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:39 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 09:39 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 21:44 . 2009-04-16 18:08 248320 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70v.dll
2012-10-09 21:38 . 2009-04-16 18:08 145408 ----a-w- c:\windows\system32\hpfll70v.dll
2012-10-09 21:37 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-10-09 21:37 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-10-05 11:26 . 2012-10-05 11:26 -------- d-----w- C:\N360_BACKUP
2012-10-03 10:14 . 2012-10-21 14:11 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 09:50 . 2012-04-07 11:10 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 21:10 . 2012-04-13 23:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 21:10 . 2011-11-02 12:01 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 15:18 . 2012-09-01 15:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 15:18 . 2012-07-20 11:59 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-01 15:18 . 2011-11-02 12:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 05:49 . 2012-09-18 13:17 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53B6CFDD-5688-4055-9DAB-18FD12AADC34}\mpengine.dll
2012-08-24 11:15 . 2012-09-22 07:06 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 07:06 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 07:06 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 07:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 07:06 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 07:06 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 07:06 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 07:06 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 07:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 07:06 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 07:06 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 07:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 07:06 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 07:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 07:06 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 07:06 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:06 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:06 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 01:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 01:16 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 01:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 01:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 09:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 01:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 01:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"WindowsLiveDeviceIntegrator"="c:\program files (x86)\Windows Live\Device Integrator\wldi.exe" [2010-09-24 245544]
.
c:\users\Idris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSv c]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Idris\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2012-01-05 1675840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 TDEIO;TDEIO; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-07 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
R4 GFNEXSrv;GFNEX Service;c:\ubios\GFNEXSrv.exe [2010-04-23 133640]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 136176]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-15 115168]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-24 1142376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:10]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 11:22]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000Core.job
- c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3987105026-2523861380-3924649800-1000UA.job
- c:\users\Idris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 01:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe" [2009-09-24 371712]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3C8C90F-BDB6-4028-A7B6-8BA1AEFD3CCA}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\
FF - prefs.js: browser.startup.homepage - hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=8C21AF89554D5ADF1 847E15084341867
FF - ExtSQL: 2012-10-21 10:13; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Idris\AppData\Roaming\Mozilla\Firefox\Profiles\aaz6112f.default\ex tensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-24 22:40:50
ComboFix-quarantined-files.txt 2012-10-25 02:40
ComboFix2.txt 2012-10-24 23:50
.
Pre-Run: 255,404,634,112 bytes free
Post-Run: 254,967,721,984 bytes free
.
- - End Of File - - 10B779FD5C78CC048AAFBA9D322C7B17
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑