Rev-Roy

Have I been Hijacked?


Looking for advice on slow and poor performance with websites opening.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:20:23 PM, on 10/29/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Users\Rockin Rev\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe

C:\Users\Rockin Rev\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dropbox.lnk = Rockin Rev\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 9018 bytes


Good Morning:

 

If I open a new tab it will say Babylon Search at the top of the tab. I stay on top of making sure antivirus, etc. are kept up to date. I was sure I had removed everything associated with Babylon but apparently something is still messing with me.


Hello there,

 

Thanks for your feedback.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

 

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

     

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

 

Download TDSSKiller.exe and save it to your desktop

 

Execute TDSSKiller.exe by double-clicking on it.

Press Start Scan

If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.

Once complete, a log will be produced at the root drive, which is typically C:, for example, C:\TDSSKiller.<version_date_time>log.txt

 

===================================================

 

On your next reply please post:

DDS log

aswMBR log

TDSSKiller log

Please STOP and let me know if you have any problems performing the steps above or any questions.

 

Good Day!


Thanks for your help.

 

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Rockin Rev at 14:50:50 on 2012-10-31

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.1872 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k RPCSS

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32atieclxx.exe

C:Program FilesDellDellDockDockLogin.exe

C:Windowssystem32svchost.exe -k NetworkService

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)MicrosoftBingBarSeaPort.EXE

C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe

C:Program Files (x86)Dell DataSafe Local Backupsftservice.EXE

C:Windowssystem32svchost.exe -k imgsvc

C:Windowssystem32WUDFHost.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program Files (x86)Dell DataSafe Local BackupTOASTER.EXE

C:Program Files (x86)Dell DataSafe Local BackupCOMPONENTSSCHEDULERSTSERVICE.EXE

C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpd.exe

C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe

C:Windowssystem32SearchIndexer.exe

C:Program Files (x86)Yahoo!Messengerymsgr_tray.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

c:Program FilesMicrosoft Security ClientMsMpEng.exe

C:Program FilesMicrosoft Security Clientmsseces.exe

C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe

C:Windowssystem32taskhost.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program Files (x86)Mozilla Firefoxplugin-container.exe

C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe

C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe

C:Program Files (x86)AWSWeatherBugWeather.exe

C:Program Files (x86)Microsoft OfficeOffice12OUTLOOK.EXE

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsSystem32cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.my.yahoo.com/

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe 1

uRun: [Messenger (Yahoo!)] "C:PROGRA~2Yahoo!MESSEN~1YahooMessenger.exe" -quiet

uRun: [MobileDocuments] C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"

StartupFolder: C:UsersROCKIN~1AppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupDropbox.lnk - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:WindowsSystem32GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~1Office12EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 209.55.24.10 209.55.27.13 8.8.8.8

TCP: Interfaces{DB887993-8B81-4006-9962-D38A9B9E9232} : DHCPNameServer = 192.168.1.1 192.168.1.1

TCP: Interfaces{EC65B112-7899-4765-9125-B7D3AC103FC9} : DHCPNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

SSODL: WebCheck - <orphaned>

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [MSC] "c:Program FilesMicrosoft Security Clientmsseces.exe" -hide -runkey

x64-Notify: GoToAssist - C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll

x64-Notify: LBTWlgn - c:program filescommon fileslogishrdbluetoothLBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q=

FF - component: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_4.0.0.127coFFPlgncomponentscoFFPlgn.dll

FF - component: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_4.0.0.127IPSFFPlgncomponentsIPSFFPl.dll

FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}componentsRadioWMPCore.dll

FF - component: C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}componentsRadioWMPCoreGecko19.dll

FF - component: C:UsersRockin RevAppDa[email protected]conduit.comcomponentsRadioWMPCore.dll

FF - component: C:UsersRockin RevAppDa[email protected]conduit.comcomponentsRadioWMPCoreGecko19.dll

FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll

FF - plugin: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll

FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll

FF - plugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll

FF - plugin: C:Program Files (x86)GooglePicasa3npPicasa3.dll

FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll

FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

FF - plugin: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrlui.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsNPcol400.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpCouponPrinter.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpMozCouponPrinter.dll

FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

FF - plugin: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll

FF - plugin: C:WindowsSysWOW64npdeployJava1.dll

FF - plugin: C:WindowsSysWOW64npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; [email protected]_4n.com; C:Program Files (x86)ConservativeTalkNow_4nbar1.bin

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:WindowsSystem32driversMpFilter.sys [2012-8-30 228768]

R0 PxHlpa64;PxHlpa64;C:WindowsSystem32driversPxHlpa64.sys [2010-9-1 55856]

R1 vwififlt;Virtual WiFi Filter Driver;C:WindowsSystem32driversvwififlt.sys [2009-7-13 59904]

R2 AMD External Events Utility;AMD External Events Utility;C:WindowsSystem32atiesrxx.exe [2010-4-1 203776]

R2 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:Program FilesDellDellDockDockLogin.exe [2009-6-9 155648]

R2 MBAMScheduler;MBAMScheduler;C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-10-13 399432]

R2 SftService;SoftThinks Agent Service;C:Program Files (x86)Dell DataSafe Local BackupSftService.exe [2010-4-1 1692480]

R3 amdkmdag;amdkmdag;C:WindowsSystem32driversatikmdag.sys [2011-4-20 9319936]

R3 amdkmdap;amdkmdap;C:WindowsSystem32driversatikmpag.sys [2011-4-20 306176]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:WindowsSystem32driversk57nd60a.sys [2009-10-16 321064]

R3 MBAMProtector;MBAMProtector;C:WindowsSystem32driversmbam.sys [2011-4-11 25928]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:WindowsSystem32driversnetr28ux.sys [2009-9-15 1061888]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:Program FilesDell Support Centerpcdsrvc_x64.pkms [2011-5-12 25072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-10-13 676936]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-8-23 115168]

S3 NisDrv;Microsoft Network Inspection System;C:WindowsSystem32driversNisDrvWFP.sys [2012-8-30 128456]

S3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientNisSrv.exe [2012-9-12 368896]

S3 StorSvc;Storage Service;C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:WindowsSystem32driversTsUsbFlt.sys [2011-3-18 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:WindowsSystem32driversusbaapl64.sys [2012-7-9 52736]

S3 VCR2PC;VCR2PC Analog Capture;C:WindowsSystem32drivers0140_ION.sys [2008-9-22 301504]

S3 WatAdminSvc;Windows Activation Technologies Service;C:WindowsSystem32WatWatAdminSvc.exe [2010-7-19 1255736]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-7-27 63960]

S4 AdvancedSystemCareService;Advanced SystemCare Service;C:Program Files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-4-27 328536]

S4 AERTFilters;Andrea RT Filters Service;C:Program FilesRealtekAudioHDAAERTSr64.exe [2010-9-28 92160]

S4 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176]

S4 FlipShareServer;FlipShare Server;C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440]

S4 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2010-8-5 136176]

S4 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2010-8-5 136176]

S4 TeamViewer7;TeamViewer 7;C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-17 2855808]

.

=============== File Associations ===============

.

FileExt: .vbe: VBEFile=C:WindowsSysWow64CScript.exe "%1" %*

FileExt: .vbs: VBSFile=C:WindowsSysWow64CScript.exe "%1" %*

FileExt: .js: JSFile=C:WindowsSysWow64CScript.exe "%1" %*

FileExt: .jse: JSEFile=C:WindowsSysWow64CScript.exe "%1" %*

FileExt: .wsf: WSFFile=C:WindowsSysWow64CScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-10-31 10:39:07 9291768 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{F3F51F2F-07A8-44F4-B3DA-CB05C7695A4C}mpengine.dll

2012-10-31 06:16:07 9291768 ------w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-10-28 10:30:20 972192 ------w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll

2012-10-28 10:30:03 279656 ------w- C:WindowsSystem32MpSigStub.exe

2012-10-28 10:27:40 -------- d-----w- C:Program Files (x86)Microsoft Security Client

2012-10-28 10:27:27 -------- d-----w- C:Program FilesMicrosoft Security Client

2012-10-28 10:27:13 -------- d-----w- C:2ec2d0b144d4460af3db177cbd0e59

2012-10-16 17:58:51 -------- d-----w- C:UsersRockin RevAppDataLocalDDMSettings

2012-10-11 11:18:34 -------- d-----w- C:Airprint

2012-10-09 22:27:22 2048 ----a-w- C:WindowsSysWow64tzres.dll

2012-10-09 22:27:22 2048 ----a-w- C:WindowsSystem32tzres.dll

2012-10-09 22:25:51 5559664 ----a-w- C:WindowsSystem32ntoskrnl.exe

2012-10-09 22:25:50 3968880 ----a-w- C:WindowsSysWow64ntkrnlpa.exe

2012-10-09 22:25:50 3914096 ----a-w- C:WindowsSysWow64ntoskrnl.exe

2012-10-09 22:25:47 245760 ----a-w- C:WindowsSystem32OxpsConverter.exe

2012-10-09 22:25:45 715776 ----a-w- C:WindowsSystem32kerberos.dll

2012-10-09 22:25:45 542208 ----a-w- C:WindowsSysWow64kerberos.dll

2012-10-09 22:25:43 950128 ----a-w- C:WindowsSystem32driversndis.sys

2012-10-09 22:25:43 41472 ----a-w- C:WindowsSystem32driversRNDISMP.sys

2012-10-09 22:25:42 220160 ----a-w- C:WindowsSystem32wintrust.dll

2012-10-09 22:25:42 172544 ----a-w- C:WindowsSysWow64wintrust.dll

2012-10-09 22:23:39 1464320 ----a-w- C:WindowsSystem32crypt32.dll

2012-10-09 22:23:38 1159680 ----a-w- C:WindowsSysWow64crypt32.dll

2012-10-09 22:23:35 184320 ----a-w- C:WindowsSystem32cryptsvc.dll

2012-10-09 22:23:35 140288 ----a-w- C:WindowsSysWow64cryptsvc.dll

2012-10-09 22:23:35 140288 ----a-w- C:WindowsSystem32cryptnet.dll

2012-10-09 22:23:35 103936 ----a-w- C:WindowsSysWow64cryptnet.dll

2012-10-09 22:23:02 751104 ----a-w- C:WindowsSystem32win32spl.dll

2012-10-09 22:23:02 67072 ----a-w- C:Windowssplwow64.exe

2012-10-09 22:23:02 559104 ----a-w- C:WindowsSystem32spoolsv.exe

2012-10-09 22:23:02 492032 ----a-w- C:WindowsSysWow64win32spl.dll

.

==================== Find3M ====================

.

2012-10-09 22:43:46 73656 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2012-10-09 22:43:46 696760 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe

2012-09-29 23:54:26 25928 ----a-w- C:WindowsSystem32driversmbam.sys

2012-09-28 12:56:37 4096000 ----a-w- C:Program Files (x86)GUT2B35.tmp

2012-08-31 18:19:35 1659760 ----a-w- C:WindowsSystem32driversntfs.sys

2012-08-31 02:03:48 228768 ----a-w- C:WindowsSystem32driversMpFilter.sys

2012-08-31 02:03:48 128456 ----a-w- C:WindowsSystem32driversNisDrvWFP.sys

2012-08-24 10:31:32 2312704 ----a-w- C:WindowsSystem32jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:WindowsSystem32wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:WindowsSystem32ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:WindowsSystem32vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:WindowsSysWow64jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:WindowsSysWow64wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:WindowsSysWow64vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:WindowsSystem32driverstcpip.sys

2012-08-22 18:12:40 376688 ----a-w- C:WindowsSystem32driversnetio.sys

2012-08-22 18:12:33 288624 ----a-w- C:WindowsSystem32driversFWPKCLNT.SYS

2012-08-21 17:01:20 33240 ----a-w- C:WindowsSystem32driversGEARAspiWDM.sys

2012-08-21 17:01:20 125872 ----a-w- C:WindowsSystem32GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:WindowsSysWow64GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:WindowsSystem32wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:WindowsSystem32wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:WindowsSystem32wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:WindowsSystem32winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:WindowsSystem32ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:WindowsSystem32KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:WindowsSystem32conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:WindowsSysWow64ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:Windowsapppatchacwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:WindowsSysWow64setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:WindowsSysWow64wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:WindowsSysWow64KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:WindowsSysWow64instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:WindowsSysWow64user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 14:51:15.28 ===============

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-10-31 14:52:14

-----------------------------

14:52:14.312 OS Version: Windows x64 6.1.7601 Service Pack 1

14:52:14.312 Number of processors: 2 586 0x602

14:52:14.312 ComputerName: ROCKINREV-PC UserName: Rockin Rev

14:52:16.714 Initialize success

14:54:54.354 AVAST engine defs: 12103100

14:54:59.674 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-0

14:54:59.674 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 11

14:54:59.674 Disk 0 MBR read successfully

14:54:59.689 Disk 0 MBR scan

14:54:59.689 Disk 0 Windows VISTA default MBR code

14:54:59.689 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

14:54:59.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920

14:54:59.705 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920

14:54:59.720 Disk 0 scanning C:Windowssystem32drivers

14:55:13.729 Service scanning

14:55:42.714 Modules scanning

14:55:42.730 Disk 0 trace - called modules:

14:55:42.745 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

14:55:42.745 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8004621380]

14:55:42.761 3 CLASSPNP.SYS[fffff8800190f43f] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-0[0xfffffa80045af060]

14:55:45.085 AVAST engine scan C:Windows

14:55:48.003 AVAST engine scan C:Windowssystem32

14:59:51.722 AVAST engine scan C:Windowssystem32drivers

15:00:24.809 AVAST engine scan C:UsersRockin Rev

15:01:57.661 Disk 0 MBR has been saved successfully to "C:UsersRockin RevDesktopMBR.dat"

15:01:57.676 The log file has been saved successfully to "C:UsersRockin RevDesktopaswMBR.txt"

 

 

There were no threats found by TDSSKiller so log was created.

 

If I did anything wrong let me know.


Hi,

 

You're doing a good job on this. :)

 

Please read through these instructions to familiarize yourself with what to expect when this tool runs

 

Refer to the ComboFix User's Guide

 

 

Download ComboFix from one of these locations:

Link 1

Link 2

 

 

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

 

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

 

 

====================================================

 

 

Double click on combofix.exe & follow the prompts.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


Really appreciate you folks!

 

ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 7:10.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2131 [GMT -4:00]

Running from: c:usersRockin RevDesktopComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowsCOUPon~1.ocx

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 10:38 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{275DB137-D882-40D2-B94D-B8CD9C3DAAE7}mpengine.dll

2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll

2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client

2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings

2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint

2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll

2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe

2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe

2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe

2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe

2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll

2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll

2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys

2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys

2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll

2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll

2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll

2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll

2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll

2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll

2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll

2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe

2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe

2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe

2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys

2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp

2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys

2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys

2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll

2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll

2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll

2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll

2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll

2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll

2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll

2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll

2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll

2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll

2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll

2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll

2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll

2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll

2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl

2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll

2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb

2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys

2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll

2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll

2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736]

"Messenger (Yahoo!)"="c:progra~2Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRunOnce]

"c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"="c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" [2011-10-24 559616]

.

c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840]

.

c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736]

R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960]

R4 AdvancedSystemCareService;Advanced SystemCare Service;c:program files (x86)IObitAdvanced SystemCare 4ASCService.exe [2011-08-09 328536]

R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160]

R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176]

R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440]

R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776]

S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648]

S2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [2009-06-09 155648]

S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432]

S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632]

S2 SftService;SoftThinks Agent Service;c:program files (x86)Dell DataSafe Local Backupsftservice.EXE [2011-08-18 1692480]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

2012-11-01 c:windowsTasksSystemToolsDailyTest.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.my.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q=

FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; [email protected]_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

------- File Associations -------

.

JSEFile=%SystemRoot%SysWow64CScript.exe "%1" %*

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-MobileDocuments - c:program files (x86)Common FilesAppleInternet Servicesubd.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)IObitAdvanced SystemCare 4PMonitor.exe

c:program files (x86)Dell DataSafe Local BackupTOASTER.EXE

c:program files (x86)Dell DataSafe Local BackupCOMPONENTSSCHEDULERSTSERVICE.EXE

.

**************************************************************************

.

Completion time: 2012-11-01 07:22:44 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-01 11:22

.

Pre-Run: 92,027,400,192 bytes free

Post-Run: 92,115,124,224 bytes free

.

- - End Of File - - 7DEC7682BE1BA3C5FDA1EB4A1113D612


Hello,

 

Please follow all previous instructions regarding security programs.

 

Open a new Notepad session

  • Click the Start button, click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.

  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

FireFox::
FF - ProfilePath - c:\users\Rockin Rev\AppData\Roaming\Mozilla\Firefox\Profiles\ybobkun4.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q=

 

In the notepad

  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save

Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

 

This will start ComboFix again. Close all browser/windows first.

 

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

 

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

 

Posted Image

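How the two prefs.js lines picked out for the script above can be found mechanically, as an added Python example that is not part of the original post or of ComboFix: it parses the `FF -` lines of a ComboFix log and flags URL-valued Firefox prefs whose host lies outside a set of expected domains. The `EXPECTED_DOMAINS` allowlist and all function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the "Supplementary Scan" section of the log in this thread
# (path separators restored). ComboFix writes URLs de-fanged as hxxp://.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\users\Rockin Rev\AppData\Roaming\Mozilla\Firefox\Profiles\ybobkun4.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=114066&tt=3412_1&babsrc=KW_ss&mntrId=52d33c9000000000000000262d1bb039&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
"""

# Assumption for this example: the search and home-page domains the user chose.
EXPECTED_DOMAINS = {"google.com", "yahoo.com"}

PREF_LINE = re.compile(
    r"^FF - (?P<file>prefs\.js|user\.js): (?P<pref>\S+) - (?P<value>.*)$"
)
PROFILE_LINE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")


def refang(value):
    """Turn the log's hxxp:// or hxxps:// back into a parseable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)


def host_of(value):
    """Return the lower-cased host of a URL-valued pref, or None if not a URL."""
    url = refang(value)
    if not re.match(r"^https?://", url, flags=re.I):
        return None
    return (urlsplit(url).hostname or "").lower() or None


def is_expected(host):
    """True when host equals, or is a subdomain of, an expected domain.

    Matching on a leading-dot suffix keeps look-alikes such as
    yahoo.com.example.net or notgoogle.com from passing.
    """
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)


def triage(log_text):
    """Return (profile_path, flagged_lines) for one ComboFix log."""
    profile, flagged = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROFILE_LINE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = PREF_LINE.match(line)
        if not m:
            continue
        host = host_of(m.group("value"))
        # Non-URL values (engine names, booleans) have no host and are skipped.
        if host and not is_expected(host):
            flagged.append(line)
    return profile, flagged


def review_block(profile, flagged):
    """Lay the findings out like the script in the post above, for review."""
    header = "FF - ProfilePath - " + (profile or "<profile path not found>")
    return "\n".join(["FireFox::", header] + flagged)


if __name__ == "__main__":
    found_profile, found_lines = triage(SAMPLE_LOG)
    print(review_block(found_profile, found_lines))
```
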

ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 14:17:16.2.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2606 [GMT -4:00]

Running from: c:usersRockin RevDesktopComboFix.exe

Command switches used :: c:usersRockin RevDesktopCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll

2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client

2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings

2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint

2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll

2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe

2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe

2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe

2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe

2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll

2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll

2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys

2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys

2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll

2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll

2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll

2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll

2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll

2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll

2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll

2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe

2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe

2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe

2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys

2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp

2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys

2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys

2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll

2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll

2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll

2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll

2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll

2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll

2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll

2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll

2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll

2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll

2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll

2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll

2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll

2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll

2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl

2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll

2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb

2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys

2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll

2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll

2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776]

.

c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840]

.

c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [x]

R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736]

R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960]

R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160]

R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176]

R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440]

R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:program files (x86)IObitAdvanced SystemCare 5ASCService.exe [2012-05-26 913792]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776]

S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648]

S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432]

S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

2012-11-01 c:windowsTasksSystemToolsDailyTest.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.my.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; [email protected]_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-RunOnce-c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe - c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:programdata{D19C2D22-6043-47E7-B400-83A351841204}delldock.exe

.

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-01 14:25:02

ComboFix-quarantined-files.txt 2012-11-01 18:25

ComboFix2.txt 2012-11-01 11:22

.

Pre-Run: 92,273,221,632 bytes free

Post-Run: 91,869,147,136 bytes free

.

- - End Of File - - CCE4A239684FD1B002758B4F1D467DEB


ComboFix 12-10-31.03 - Rockin Rev 11/01/2012 14:17:16.2.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3839.2606 [GMT -4:00]

Running from: c:usersRockin RevDesktopComboFix.exe

Command switches used :: c:usersRockin RevDesktopCFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-11-01 18:23 . 2012-11-01 18:23 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-11-01 06:16 . 2012-10-12 04:19 9291768 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll

2012-10-28 10:30 . 2012-10-28 10:30 972192 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{C5CC51DC-71D3-444A-9AAD-91DB7D44EEDF}gapaengine.dll

2012-10-28 10:30 . 2012-01-31 12:44 279656 ------w- c:windowssystem32MpSigStub.exe

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program files (x86)Microsoft Security Client

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- c:program filesMicrosoft Security Client

2012-10-16 17:58 . 2012-10-16 17:58 -------- d-----w- c:usersRockin RevAppDataLocalDDMSettings

2012-10-11 11:18 . 2012-10-11 11:18 -------- d-----w- C:Airprint

2012-10-09 22:27 . 2012-09-14 19:19 2048 ----a-w- c:windowssystem32tzres.dll

2012-10-09 22:27 . 2012-09-14 18:28 2048 ----a-w- c:windowsSysWow64tzres.dll

2012-10-09 22:25 . 2012-08-30 18:03 5559664 ----a-w- c:windowssystem32ntoskrnl.exe

2012-10-09 22:25 . 2012-08-30 17:12 3968880 ----a-w- c:windowsSysWow64ntkrnlpa.exe

2012-10-09 22:25 . 2012-08-30 17:12 3914096 ----a-w- c:windowsSysWow64ntoskrnl.exe

2012-10-09 22:25 . 2012-08-21 21:01 245760 ----a-w- c:windowssystem32OxpsConverter.exe

2012-10-09 22:25 . 2012-08-11 00:56 715776 ----a-w- c:windowssystem32kerberos.dll

2012-10-09 22:25 . 2012-08-10 23:56 542208 ----a-w- c:windowsSysWow64kerberos.dll

2012-10-09 22:25 . 2012-08-22 18:12 950128 ----a-w- c:windowssystem32driversndis.sys

2012-10-09 22:25 . 2012-07-04 20:26 41472 ----a-w- c:windowssystem32driversRNDISMP.sys

2012-10-09 22:25 . 2012-08-24 18:05 220160 ----a-w- c:windowssystem32wintrust.dll

2012-10-09 22:25 . 2012-08-24 16:57 172544 ----a-w- c:windowsSysWow64wintrust.dll

2012-10-09 22:23 . 2012-06-02 05:41 1464320 ----a-w- c:windowssystem32crypt32.dll

2012-10-09 22:23 . 2012-06-02 04:36 1159680 ----a-w- c:windowsSysWow64crypt32.dll

2012-10-09 22:23 . 2012-06-02 05:41 184320 ----a-w- c:windowssystem32cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 05:41 140288 ----a-w- c:windowssystem32cryptnet.dll

2012-10-09 22:23 . 2012-06-02 04:36 140288 ----a-w- c:windowsSysWow64cryptsvc.dll

2012-10-09 22:23 . 2012-06-02 04:36 103936 ----a-w- c:windowsSysWow64cryptnet.dll

2012-10-09 22:23 . 2012-02-11 06:43 751104 ----a-w- c:windowssystem32win32spl.dll

2012-10-09 22:23 . 2012-02-11 06:36 559104 ----a-w- c:windowssystem32spoolsv.exe

2012-10-09 22:23 . 2012-02-11 06:36 67072 ----a-w- c:windowssplwow64.exe

2012-10-09 22:23 . 2012-02-11 05:43 492032 ----a-w- c:windowsSysWow64win32spl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 22:43 . 2012-06-24 11:42 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-10-09 22:43 . 2012-06-24 11:42 696760 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-10-09 22:31 . 2010-07-20 17:01 65309168 ----a-w- c:windowssystem32MRT.exe

2012-09-29 23:54 . 2011-04-12 02:53 25928 ----a-w- c:windowssystem32driversmbam.sys

2012-09-28 12:56 . 2012-09-28 12:56 4096000 ----a-w- c:program files (x86)GUT2B35.tmp

2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:windowssystem32driversMpFilter.sys

2012-08-31 02:03 . 2012-08-31 02:03 128456 ----a-w- c:windowssystem32driversNisDrvWFP.sys

2012-08-24 11:15 . 2012-09-28 12:53 17810944 ----a-w- c:windowssystem32mshtml.dll

2012-08-24 10:39 . 2012-09-28 12:53 10925568 ----a-w- c:windowssystem32ieframe.dll

2012-08-24 10:31 . 2012-09-28 12:53 2312704 ----a-w- c:windowssystem32jscript9.dll

2012-08-24 10:22 . 2012-09-28 12:53 1346048 ----a-w- c:windowssystem32urlmon.dll

2012-08-24 10:21 . 2012-09-28 12:53 1392128 ----a-w- c:windowssystem32wininet.dll

2012-08-24 10:20 . 2012-09-28 12:53 1494528 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-24 10:18 . 2012-09-28 12:53 237056 ----a-w- c:windowssystem32url.dll

2012-08-24 10:17 . 2012-09-28 12:53 85504 ----a-w- c:windowssystem32jsproxy.dll

2012-08-24 10:14 . 2012-09-28 12:53 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-24 10:14 . 2012-09-28 12:53 816640 ----a-w- c:windowssystem32jscript.dll

2012-08-24 10:13 . 2012-09-28 12:53 599040 ----a-w- c:windowssystem32vbscript.dll

2012-08-24 10:12 . 2012-09-28 12:53 2144768 ----a-w- c:windowssystem32iertutil.dll

2012-08-24 10:11 . 2012-09-28 12:53 729088 ----a-w- c:windowssystem32msfeeds.dll

2012-08-24 10:10 . 2012-09-28 12:53 96768 ----a-w- c:windowssystem32mshtmled.dll

2012-08-24 10:09 . 2012-09-28 12:53 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-24 10:04 . 2012-09-28 12:53 248320 ----a-w- c:windowssystem32ieui.dll

2012-08-24 06:59 . 2012-09-28 12:53 1800704 ----a-w- c:windowsSysWow64jscript9.dll

2012-08-24 06:51 . 2012-09-28 12:53 1129472 ----a-w- c:windowsSysWow64wininet.dll

2012-08-24 06:51 . 2012-09-28 12:53 1427968 ----a-w- c:windowsSysWow64inetcpl.cpl

2012-08-24 06:47 . 2012-09-28 12:53 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-08-24 06:47 . 2012-09-28 12:53 420864 ----a-w- c:windowsSysWow64vbscript.dll

2012-08-24 06:43 . 2012-09-28 12:53 2382848 ----a-w- c:windowsSysWow64mshtml.tlb

2012-08-22 18:12 . 2012-09-28 12:49 1913200 ----a-w- c:windowssystem32driverstcpip.sys

2012-08-22 18:12 . 2012-09-28 12:49 376688 ----a-w- c:windowssystem32driversnetio.sys

2012-08-22 18:12 . 2012-09-28 12:49 288624 ----a-w- c:windowssystem32driversFWPKCLNT.SYS

2012-08-21 17:01 . 2012-10-01 13:32 33240 ----a-w- c:windowssystem32driversGEARAspiWDM.sys

2012-08-21 17:01 . 2010-07-17 19:05 125872 ----a-w- c:windowssystem32GEARAspi64.dll

2012-08-21 17:01 . 2010-07-17 19:05 106928 ----a-w- c:windowsSysWow64GEARAspi.dll

2012-08-20 17:38 . 2012-10-09 22:26 44032 ----a-w- c:windowsapppatchacwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Weather"="c:program files (x86)AWSWeatherBugWeather.exe" [2010-10-29 1652736]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2012-09-10 421776]

.

c:usersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dropbox.lnk - c:usersRockin RevAppDataRoamingDropboxbinDropbox.exe [2012-5-24 27112840]

.

c:usersDefault UserAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup

Dell Dock First Run.lnk - c:program filesDellDellDockDellDock.exe [N/A]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R2 DockLoginService;Dock Login Service;c:program filesDellDellDockDockLogin.exe [x]

R2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-09-29 676936]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:program files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-10-27 115168]

R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientNisSrv.exe [2012-09-13 368896]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736]

R3 VCR2PC;VCR2PC Analog Capture;c:windowssystem32DRIVERS0140_ION.sys [2010-09-01 301504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-07-19 1255736]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-07-27 63960]

R4 AERTFilters;Andrea RT Filters Service;c:program filesRealtekAudioHDAAERTSr64.exe [2009-03-31 92160]

R4 BBSvc;Bing Bar Update Service;c:program files (x86)MicrosoftBingBarBBSvc.EXE [2011-10-21 196176]

R4 FlipShareServer;FlipShare Server;c:program files (x86)Flip VideoFlipShareServerFlipShareServer.exe [2010-12-15 1085440]

R4 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 gupdatem;Google Update Service (gupdatem);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 136176]

R4 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-11-14 2855808]

S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-03-19 55856]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:program files (x86)IObitAdvanced SystemCare 5ASCService.exe [2012-05-26 913792]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2011-04-20 203776]

S2 BBUpdate;BBUpdate;c:program files (x86)MicrosoftBingBarSeaPort.EXE [2011-10-13 249648]

S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-09-29 399432]

S2 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2009-10-20 47632]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatikmdag.sys [2011-04-20 9319936]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [2011-04-20 306176]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-10-16 321064]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-09-29 25928]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:windowssystem32DRIVERSnetr28ux.sys [2009-09-15 1061888]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:program filesdell support centerpcdsrvc_x64.pkms [2011-05-12 25072]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-11-01 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-08-05 22:54]

.

2012-10-25 c:windowsTasksPCDoctorBackgroundMonitorTask.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

2012-11-01 c:windowsTasksSystemToolsDailyTest.job

- c:program filesDell Support Centeruaclauncher.exe [2011-06-21 18:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersRockin RevAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.my.yahoo.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

FF - ProfilePath - c:usersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.default

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/

FF - ExtSQL: !HIDDEN! 2012-06-05 21:43; [email protected]_4n.com; c:program files (x86)ConservativeTalkNow_4nbar1.bin

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-RunOnce-c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe - c:program files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe

AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:programdata{D19C2D22-6043-47E7-B400-83A351841204}delldock.exe

.

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesPCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="??c:program filesdell support centerpcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-01 14:25:02

ComboFix-quarantined-files.txt 2012-11-01 18:25

ComboFix2.txt 2012-11-01 11:22

.

Pre-Run: 92,273,221,632 bytes free

Post-Run: 91,869,147,136 bytes free

.

- - End Of File - - CCE4A239684FD1B002758B4F1D467DEB


You shouldn't be seeing Babylon now. How about the overall performance of your computer?


Good Morning:

 

I am sorry to say that Babylon Search still shows up when I am on MyYahoo page and I click to open a new blank tab...Babylon Search comes up. Thanks for all your help. The computer is running better but some sites are still hanging during download and taking a long time. Must be some setting with the Shentel Service. I never had this problem when I was with Comcast but have just moved here to Lynchburg VA area and had to get the new service.

 

Again thanks for your time and help.

 

Rev Roy


Rev Roy,

 

That's odd. CF isn't showing anymore.

 

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Thanks...here are the scans:

 

OTL logfile created on: 11/2/2012 7:10:38 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.47% Memory free

7.50 Gb Paging File | 6.12 Gb Available in Paging File | 81.59% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 451.07 Gb Total Space | 84.92 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

 

Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersRockin RevDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit)

PRC - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

PRC - C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (DockLoginService) -- C:Program FilesDellDellDockDockLogin.exe File not found

SRV:64bit: - (NisSrv) -- c:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD)

SRV:64bit: - (LBTServ) -- C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe (Logitech, Inc.)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:Program FilesRealtekAudioHDAAERTSr64.exe (Andrea Electronics Corporation)

SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

SRV - (AdvancedSystemCareService5) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit)

SRV - (TeamViewer7) -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (BBSvc) -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation)

SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe ()

SRV - (GoToAssist) -- C:Program Files (x86)CitrixGoToAssist514g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe (ArcSoft Inc.)

SRV - (rpcapd) -- C:Program Files (x86)WinPcaprpcapd.exe (CACE Technologies, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe (Yahoo! Inc.)

SRV - (EPSON_EB_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE (SEIKO EPSON CORPORATION)

SRV - (EPSON_PM_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation)

DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:Program FilesDell Support Centerpcdsrvc_x64.pkms (PC-Doctor, Inc.)

DRV:64bit: - (atikmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (VCR2PC) -- C:WindowsSysNativedrivers0140_ION.sys (Trident Multimedia Technologies Co.,Ltd)

DRV:64bit: - (SCDEmu) -- C:WindowsSysNativedriversscdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (PxHlpa64) -- C:WindowsSysNativedriversPxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (NPF) -- C:WindowsSysNativedriversnpf.sys (CACE Technologies, Inc.)

DRV:64bit: - (k57nd60a) -- C:WindowsSysNativedriversk57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (AtiHdmiService) -- C:WindowsSysNativedriversAtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (LMouFilt) -- C:WindowsSysNativedriversLMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:WindowsSysNativedriversLHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiPcie) -- C:WindowsSysNativedriversAtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (WimFltr) -- C:WindowsSysNativedriversWimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM..SearchScopes,DefaultScope = {F4F155B9-542E-4132-8E93-719BCAE2D1B6}

IE:64bit: - HKLM..SearchScopes{F4F155B9-542E-4132-8E93-719BCAE2D1B6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLM..SearchScopes,DefaultScope = {38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}

IE - HKLM..SearchScopes{38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.my.yahoo.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie

IE - HKCU..SearchScopes,DefaultScope = {09512006-C404-41B9-8064-7DEBD5808D55}

IE - HKCU..SearchScopes{09512006-C404-41B9-8064-7DEBD5808D55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145

FF - prefs.js..extensions.enabledAddons: [email protected]_4n.com:2.50.0.56219

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: [email protected]:3.3.4

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}:1.0.126.1

FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

 

 

FF:64bit: - [email protected]/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_4_402_287.dll File not found

FF:64bit: - [email protected]/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll ()

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]_4n.com/Plugin: C:Program Files (x86)ConservativeTalkNow_4nbar1.binNP4nStub.dll File not found

FF - [email protected]/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)

FF - [email protected]/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF - [email protected]/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)

FF - [email protected]/DTPlugin,version=10.5.1: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - [email protected]/YahooMessengerStatePlugin;version=1.0.0.6: C:Program Files (x86)Yahoo!SharednpYState.dll (Yahoo! Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/WLPG,version=14.0.8081.0709: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/Quantum Media Player: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll (Move Networks)

 

FF - [email protected]rvativeTalkNow_4n.com: C:Program Files (x86)ConservativeTalkNow_4nbar1.bin [2012/08/25 18:44:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/10/16 13:57:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsComponents: C:Program Files (x86)Mozilla Thunderbirdcomponents [2012/06/05 19:52:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsPlugins: C:Program Files (x86)Mozilla Thunderbirdplugins [2012/08/15 19:36:28 | 000,000,000 | ---D | M]

FF - [email protected]networks.com: C:UsersRockin RevAppDataRoamingMove Networks [2011/05/04 19:11:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M]

 

[2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions

[2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/10/25 08:41:05 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions

[2012/10/25 08:41:05 | 000,000,000 | ---D | M] (ConservativeTalkNow) -- C:UsersRockin RevAppData[email protected]ConservativeTalkNow_4n.com

[2012/08/01 20:22:05 | 000,741,958 | ---- | M] () (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2010/06/08 11:31:24 | 000,000,923 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginsconduit.xml

[2010/12/13 16:43:42 | 000,002,698 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginstwitter.xml

[2012/10/27 08:46:25 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/10/16 13:57:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5

[2012/10/27 08:46:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2011/08/02 12:07:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:Program Files (x86)mozilla firefoxpluginsNPcol400.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpCouponPrinter.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpMozCouponPrinter.dll

[2012/08/30 17:50:20 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2012/10/11 19:57:16 | 000,002,058 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

========== Chrome ==========

 

CHR - homepage:

CHR - homepage:

CHR - Extension: YouTube = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Google Search = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: DivX Plus Web Player HTML5 u003Cvideou003E = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsnneajnkjbffgblleaoojgaacokifdkhm2.1.2.145_0

CHR - Extension: Gmail = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2012/11/01 07:18:03 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKCU..Run: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.)

O4 - HKLM..RunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" File not found

O4 - Startup: C:UsersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{DB887993-8B81-4006-9962-D38A9B9E9232}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EC65B112-7899-4765-9125-B7D3AC103FC9}: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyGoToAssist: DllName - (C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll) - File not found

O20:64bit: - WinlogonNotifyLBTWlgn: DllName - (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) - c:Program FilesCommon FilesLogishrdBluetoothLBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/11/02 07:01:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe

[2012/11/01 14:27:36 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/11/01 14:25:03 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/11/01 07:31:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5

[2012/11/01 07:26:35 | 000,000,000 | ---D | C] -- C:Config.Msi

[2012/11/01 07:08:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/11/01 07:08:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/11/01 07:08:30 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/11/01 07:07:57 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/11/01 07:07:47 | 000,000,000 | ---D | C] -- C:Windowserdnt

[2012/11/01 06:53:45 | 004,991,994 | R--- | C] (Swearware) -- C:UsersRockin RevDesktopComboFix.exe

[2012/10/31 14:48:13 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:UsersRockin RevDesktoptdsskiller.exe

[2012/10/31 14:47:27 | 004,731,392 | ---- | C] (AVAST Software) -- C:UsersRockin RevDesktopaswMBR.exe

[2012/10/31 14:47:10 | 000,687,724 | R--- | C] (Swearware) -- C:UsersRockin RevDesktopdds(1).com

[2012/10/29 12:14:53 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:UsersRockin RevDesktopHijackThis.exe

[2012/10/28 06:27:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft Security Client

[2012/10/28 06:27:27 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Security Client

[2012/10/28 06:21:24 | 013,529,576 | ---- | C] (Microsoft Corporation) -- C:UsersRockin RevDesktopmseinstall.exe

[2012/10/27 08:46:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox

[2012/10/16 13:58:51 | 000,000,000 | ---D | C] -- C:UsersRockin RevAppDataLocalDDMSettings

[2012/10/11 07:18:34 | 000,000,000 | ---D | C] -- C:Airprint

[2012/10/09 18:26:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesrcore.dll

[2012/10/09 18:26:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll

[2012/10/09 18:26:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativekernel32.dll

[2012/10/09 18:26:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeKernelBase.dll

[2012/10/09 18:26:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeconhost.exe

[2012/10/09 18:26:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64.dll

[2012/10/09 18:26:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll

[2012/10/09 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64setup16.exe

[2012/10/09 18:26:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64win.dll

[2012/10/09 18:26:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentvdm64.dll

[2012/10/09 18:26:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntvdm64.dll

[2012/10/09 18:26:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64cpu.dll

[2012/10/09 18:26:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64instnm.exe

[2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

[2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-security-base-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-file-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-file-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wow32.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-threadpool-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processthreads-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-synch-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-synch-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-misc-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localregistry-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localization-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localization-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-misc-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-memory-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-memory-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-heap-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-heap-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-xstate-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-util-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-string-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-string-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-profile-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-profile-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-io-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-io-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-interlocked-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-handle-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-handle-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-fibers-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-fibers-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-delayload-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-delayload-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-debug-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-debug-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-datetime-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-datetime-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-console-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-console-l1-1-0.dll

[2012/10/09 18:26:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64user.exe

[2012/10/09 18:25:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe

[2012/10/09 18:25:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe

[2012/10/09 18:25:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe

[2012/10/09 18:25:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe

[2012/10/09 18:25:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys

[2012/10/09 18:25:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewintrust.dll

[2012/10/09 18:23:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecrypt32.dll

[2012/10/09 18:23:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecryptnet.dll

[2012/10/09 18:23:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewin32spl.dll

[2012/10/09 18:23:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64win32spl.dll

[2012/10/09 18:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:Windowssplwow64.exe

[2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/11/02 07:04:21 | 000,779,266 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/11/02 07:04:21 | 000,660,280 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/11/02 07:04:21 | 000,121,208 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/11/02 07:02:00 | 000,000,906 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/11/02 07:01:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe

[2012/11/02 05:43:31 | 000,014,763 | ---- | M] () -- C:UsersRockin RevDesktopTransactions_110212_054233.pdf

[2012/11/02 02:08:21 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/02 02:08:21 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/01 14:27:32 | 000,000,902 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/11/01 14:27:25 | 000,000,506 | ---- | M] () -- C:WindowstasksSystemToolsDailyTest.job

[2012/11/01 14:27:19 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/11/01 14:27:11 | 3019,091,968 | -HS- | M] () -- C:hiberfil.sys

[2012/11/01 07:31:02 | 000,001,274 | ---- | M] () -- C:UsersPublicDesktopUninstaller.lnk

[2012/11/01 07:31:01 | 000,001,223 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2012/11/01 07:18:03 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/11/01 06:53:58 | 004,991,994 | R--- | M] (Swearware) -- C:UsersRockin RevDesktopComboFix.exe

[2012/10/31 15:01:57 | 000,000,512 | ---- | M] () -- C:UsersRockin RevDesktopMBR.dat

[2012/10/31 14:48:27 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:UsersRockin RevDesktoptdsskiller.exe

[2012/10/31 14:48:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:UsersRockin RevDesktopaswMBR.exe

[2012/10/31 14:47:14 | 000,687,724 | R--- | M] (Swearware) -- C:UsersRockin RevDesktopdds(1).com

[2012/10/29 12:14:54 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:UsersRockin RevDesktopHijackThis.exe

[2012/10/28 06:28:02 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif

[2012/10/28 06:21:34 | 013,529,576 | ---- | M] (Microsoft Corporation) -- C:UsersRockin RevDesktopmseinstall.exe

[2012/10/27 09:41:18 | 000,001,111 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/10/27 09:12:21 | 000,000,824 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/10/25 08:47:56 | 000,000,564 | ---- | M] () -- C:WindowstasksPCDoctorBackgroundMonitorTask.job

[2012/10/20 09:11:52 | 000,704,578 | ---- | M] () -- C:UsersRockin RevDesktopimg036.pdf

[2012/10/16 13:57:56 | 000,001,622 | ---- | M] () -- C:UsersRockin RevDesktopDivX Movies.lnk

[2012/10/16 13:57:31 | 000,001,114 | ---- | M] () -- C:UsersPublicDesktopDivX Plus Player.lnk

[2012/10/09 18:43:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2012/10/09 18:43:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2012/10/09 18:42:11 | 000,550,600 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/11/02 05:43:31 | 000,014,763 | ---- | C] () -- C:UsersRockin RevDesktopTransactions_110212_054233.pdf

[2012/11/01 07:31:02 | 000,001,274 | ---- | C] () -- C:UsersPublicDesktopUninstaller.lnk

[2012/11/01 07:31:01 | 000,001,223 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2012/11/01 07:08:30 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/11/01 07:08:30 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/11/01 07:08:30 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/11/01 07:08:30 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/11/01 07:08:30 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/10/31 15:01:57 | 000,000,512 | ---- | C] () -- C:UsersRockin RevDesktopMBR.dat

[2012/10/28 06:28:02 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif

[2012/10/28 06:27:52 | 000,002,119 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk

[2012/10/20 09:11:51 | 000,704,578 | ---- | C] () -- C:UsersRockin RevDesktopimg036.pdf

[2012/10/16 13:57:31 | 000,001,114 | ---- | C] () -- C:UsersPublicDesktopDivX Plus Player.lnk

[2011/11/19 08:34:13 | 000,000,061 | ---- | C] () -- C:WindowsTaxACT11.ini

[2011/05/21 17:50:00 | 000,000,109 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.32.bc

[2011/05/21 17:47:03 | 000,772,990 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/05/12 14:52:31 | 000,001,940 | ---- | C] () -- C:UsersRockin RevAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:WindowsSysWow64atipblag.dat

[2010/12/14 14:58:13 | 000,004,096 | -H-- | C] () -- C:UsersRockin RevAppDataLocalkeyfile3.drm

[2010/12/13 08:56:41 | 000,000,048 | ---- | C] () -- C:WindowsTaxACT10.ini

[2010/09/15 17:37:18 | 000,009,728 | ---- | C] () -- C:UsersRockin RevAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini

 

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

 

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

"" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64

"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]

"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64

"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

 

========== Custom Scans ==========

 

< %SYSTEMDRIVE%*.exe >

 

< MD5 for: EXPLORER.EXE >

[2010/04/01 12:08:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889explorer.exe

[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25explorer.exe

[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652dexplorer.exe

[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761explorer.exe

[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4explorer.exe

[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202explorer.exe

[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowserdntcache86explorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowsexplorer.exe

[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0baexplorer.exe

[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332explorer.exe

[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafbexplorer.exe

[2010/04/01 12:08:14 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81explorer.exe

[2010/04/01 12:08:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41cexplorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:WindowsSysWOW64explorer.exe

[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5explorer.exe

[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007explorer.exe

[2010/04/01 12:08:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617explorer.exe

[2004/08/04 03:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSexplorer.exe

[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900explorer.exe

[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7explorer.exe

[2010/04/01 12:08:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9explorer.exe

[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566explorer.exe

[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2explorer.exe

[2010/04/01 12:08:14 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568eexplorer.exe

[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9explorer.exe

[2010/04/01 12:08:20 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:Windowswinsxsamd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79aeexplorer.exe

[2010/04/01 12:08:14 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:Windowswinsxswow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7cexplorer.exe

 

< MD5 for: SERVICES.EXE >

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:Windowserdntcache64services.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:WindowsSysNativeservices.exe

[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:Windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1services.exe

[2004/08/04 03:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386services.exe

 

< MD5 for: SVCHOST.EXE >

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:Windowserdntcache86svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:WindowsSysWOW64svchost.exe

[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:Windowswinsxsx86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356svchost.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonsvchost.exe

[2004/08/04 03:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:Windowserdntcache64svchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:WindowsSysNativesvchost.exe

[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:Windowswinsxsamd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48csvchost.exe

 

< MD5 for: USERINIT.EXE >

[2004/08/04 03:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:Windowserdntcache86userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:WindowsSysWOW64userinit.exe

[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116userinit.exe

[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:Windowswinsxsx86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7cuserinit.exe

[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2userinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:Windowserdntcache64userinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:WindowsSysNativeuserinit.exe

[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:Windowswinsxsamd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824cuserinit.exe

 

< MD5 for: WINLOGON.EXE >

[2004/08/04 03:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:Roy,s Old Computer Files 8-30-2010My DocumentsCWINDOWSServicePackFilesi386winlogon.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:Windowserdntcache64winlogon.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:WindowsSysNativewinlogon.exe

[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636winlogon.exe

[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829cwinlogon.exe

[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:Program Files (x86)Malwarebytes' Anti-MalwareChameleonwinlogon.exe

[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8winlogon.exe

[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:Windowswinsxsamd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042adwinlogon.exe

 

< %systemroot%*. /rp /s >

 

< %systemdrive%$Recycle.Bin|@;true;true;true >

 

========== Drive Information ==========

 

Physical Drives

---------------

 

Drive: .PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: ST3500418AS ATA Device

Partitions: 3

Status: OK

Status Info: 0

 

Drive: .PHYSICALDRIVE1 -

Interface type: USB

Media Type:

Model: Generic- SD/MMC USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: .PHYSICALDRIVE2 -

Interface type: USB

Media Type:

Model: Generic- Compact Flash USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: .PHYSICALDRIVE3 -

Interface type: USB

Media Type:

Model: Generic- SM/xD Picture USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: .PHYSICALDRIVE4 -

Interface type: USB

Media Type:

Model: Generic- MS/MS-Pro USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Drive: .PHYSICALDRIVE5 -

Interface type: USB

Media Type:

Model: EPSON Stylus Storage USB Device

Partitions: 0

Status: OK

Status Info: 0

 

Partitions

---------------

 

DeviceID: Disk #0, Partition #0

PartitionType: Unknown

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 39.00MB

Starting Offset: 32256

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #1

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 15.00GB

Starting Offset: 41943040

Hidden sectors: 0

 

 

DeviceID: Disk #0, Partition #2

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 451.00GB

Starting Offset: 15770583040

Hidden sectors: 0

 

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

 

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

[C:WindowsSystem32configsystemprofileAppDataLocalApplication Data] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction

[C:WindowsSystem32configsystemprofileAppDataLocalHistory] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistory -> Junction

[C:WindowsSystem32configsystemprofileAppDataLocalTemporary Internet Files] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files -> Junction

[C:WindowsSystem32configsystemprofileApplication Data] -> C:Windowssystem32configsystemprofileAppDataRoaming -> Junction

[C:WindowsSystem32configsystemprofileLocal Settings] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction

[C:WindowsSystem32configsystemprofileStart Menu] -> C:Windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsStart Menu -> Junction

[C:WindowsSysWOW64configsystemprofileAppDataLocalApplication Data] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction

[C:WindowsSysWOW64configsystemprofileAppDataLocalHistory] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistory -> Junction

[C:WindowsSysWOW64configsystemprofileAppDataLocalTemporary Internet Files] -> C:Windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files -> Junction

[C:WindowsSysWOW64configsystemprofileApplication Data] -> C:Windowssystem32configsystemprofileAppDataRoaming -> Junction

[C:WindowsSysWOW64configsystemprofileLocal Settings] -> C:Windowssystem32configsystemprofileAppDataLocal -> Junction

[C:WindowsSysWOW64configsystemprofileStart Menu] -> C:Windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsStart Menu -> Junction

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:ProgramDataTEMP:5C321E34

 

< End of report >



Sorry, must have done something wrong with txt extra so here it is:

 

OTL Extras logfile created on: 11/2/2012 7:10:38 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.53 Gb Available Physical Memory | 67.47% Memory free

7.50 Gb Paging File | 6.12 Gb Available in Paging File | 81.59% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 451.07 Gb Total Space | 84.92 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

 

Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.html[@ = ChromeHTML] -- C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:Program Files (x86)GoogleChromeApplicationchrome.exe (Google Inc.)

.jse [@ = JSEFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:WindowsSysWow64CScript.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{070E7D0D-8B17-4776-A626-8F50E10303CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{073DC90F-12A0-4A63-95B4-E6BF2910BDCA}" = rport=137 | protocol=17 | dir=out | app=system |

"{0ED10857-36B0-4AE9-8A64-E19B14F5C34E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2A0C19D2-57EC-48D9-BB88-963938CCA1D9}" = rport=445 | protocol=6 | dir=out | app=system |

"{2BC578CB-0331-4AC2-9383-EF9718F3266E}" = rport=139 | protocol=6 | dir=out | app=system |

"{2ED74930-CA1A-4059-9C28-F3A377098972}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2F8D7D56-E84B-4884-B994-25119F737E03}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{49048164-CF34-4810-A58E-38CA93094289}" = lport=10243 | protocol=6 | dir=in | app=system |

"{52166989-B3DF-43B0-B5BD-CC6D6D9365F2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{53FB94F5-FD7C-407B-9003-F9033C27A3B4}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |

"{5442B365-3A47-45CF-ACD8-4A60A5AEC9F2}" = lport=137 | protocol=17 | dir=in | app=system |

"{59BA996E-9178-4473-8341-FF73BAFEAB65}" = lport=138 | protocol=17 | dir=in | app=system |

"{61BD4BA9-92AD-4C0A-AF46-2F1A711B041B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{6C0ED348-2FE8-48F7-8025-D5E3FB0A227D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{76189C0B-E794-4187-AE7C-B760BEAD4479}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7C6809A3-076C-463C-BBC3-F9850AD47275}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7E86A563-0982-47AF-B7E4-1EE04FA35CD0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{7F3787C2-6B59-4013-AE75-5AEAB818D2B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8105771F-E3FC-49EE-91FE-153BC641A0D1}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |

"{902228C8-5226-4A37-80D5-2AC1E090CB63}" = lport=139 | protocol=6 | dir=in | app=system |

"{93CF8622-C338-47BD-A4E9-C6F52772FDF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A515DAC9-5FEC-47B0-91C0-51667BE347FE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B36B800B-0A98-4A41-B358-C65B2A72334C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{BBE42DDB-0E04-4476-B24E-FBF48734CAAD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D61CD8AD-670B-44D1-9678-4B74B5E88AA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D75B977E-6F7D-4FCA-B094-E24944E19090}" = rport=138 | protocol=17 | dir=out | app=system |

"{E4759053-4412-4B6A-83F2-2EE502778970}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F1391560-9DC4-429C-B697-BEBF223E2CD9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F9ACCA38-33CF-4A20-8EE0-E51F2F891979}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{122D9423-CE6E-4F3E-A1A7-66ED6CA01D66}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{25144595-F361-4E4B-B1F6-216DA7DA116E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{28C6EF13-C4F9-44EC-ADDA-898D3402788E}" = protocol=1 | dir=out | [email protected],-28544 |

"{2B0C9458-7495-40B6-9F25-6630F81AD39A}" = protocol=17 | dir=in | app=c:\users\rockin rev\appdata\roaming\dropbox\bin\dropbox.exe |

"{30673D7F-9CC9-4D3D-9C1A-FD72A84CA011}" = protocol=58 | dir=in | [email protected],-28545 |

"{334A1306-6F09-4078-986C-7CF9E9B232A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{374B89B2-132F-49CD-8797-F83A5496099E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{395D7403-426C-4F61-A997-9F4AF0FA88B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4118D22D-68DF-4969-BAF8-ED124497BE68}" = protocol=1 | dir=in | [email protected],-28543 |

"{42AE129D-EAF8-4ED5-B15F-180FAED254EF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |

"{530F8269-6649-49BA-99CD-DB7F8B3B1626}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{62442448-617E-445D-877C-AFB246AC9704}" = protocol=58 | dir=out | [email protected],-503 |

"{6F53697A-3383-4C7E-B5B8-39BC8E43739B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

"{78385FAA-9414-44E8-BBE6-C4F4297C0FEF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{7BCF28A3-5653-4722-B30D-B01CDD58978A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{7D41BB5A-8FDE-4BA5-8A3E-2402E02D7E30}" = protocol=17 | dir=in | app=c:\program files (x86)\ion\ez video converter\mediatv.exe |

"{7DC69143-E9D2-4406-AE88-A385759684C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{85DC91C7-502A-473C-8A72-34F3CF100D97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{875B3825-A9A2-47BD-9160-9853DA2E4EC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8941F1BE-1F3C-43F1-8A99-C3C06AC08AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"{8FD5112E-F919-4305-BF6D-0730EC78AA1D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9119AF32-7E24-4831-8CD2-27EC393017FC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9C5AE56D-EBE5-4B45-BFAC-89CE2D407698}" = protocol=6 | dir=in | app=c:\users\rockin rev\appdata\roaming\dropbox\bin\dropbox.exe |

"{A2790462-74F3-40A1-9983-2AB4F3B43E46}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A3ED6347-FBA8-4900-9D50-7B6605B710C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A6011328-0BF8-4032-B822-E5D5CF5FF721}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A8B200BF-1198-40EF-AB20-7504FC93310D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AF8EC3FC-8FC5-4242-836F-D7BC421E7B43}" = protocol=6 | dir=in | app=c:\program files (x86)\ion\ez video converter\mediatv.exe |

"{B11A02F6-0234-4A7A-9ECE-194469CE7904}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B2E7C03A-963A-4429-81E2-CE547D4A704C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B7A3E20E-BF71-40F3-BB0F-0127D6B96A02}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{BA80042C-61E4-4579-A429-55E6FA47318D}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"{CA4549BA-71FA-4006-8A40-3C17A5CDCF0A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{D2B2C2F3-D9F2-4A63-BACD-2F9DD38890A7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{D7472C60-F790-4D04-A41E-A15D0E9BEEDA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{DCEAE4EF-A20D-4E18-86D3-8011BEC17711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DD9DE206-F106-49DA-8DDE-FED12AFEA607}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E8450675-920C-4F85-A4D7-BBABED0BDA51}" = protocol=58 | dir=out | [email protected],-28546 |

"{F18C8283-D4E5-47C2-946B-0407BA027A98}" = protocol=58 | dir=in | app=system |

"{F28082B7-CFD3-42FE-BD39-F0F0B58B7E3C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |

"{F6527590-2BD7-4CEF-B59B-FF4623EDDABE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FA70FDEB-27B6-4215-9522-7C89B92DB3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |

"{FB890A38-B00F-4773-A3F8-630C46165FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{FD24DBCC-658D-447D-B825-F2BB9AAD0D2D}" = protocol=6 | dir=out | app=system |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{04C8E4DB-C344-BABE-7636-102B3E30C4EA}" = ATI Catalyst Install Manager

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support

"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst

"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client

"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Dell Support Center" = Dell Support Center

"EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall

"Glo Bible Software" = Glo Bible Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04E364F1-4582-4567-A6C8-C7FBBCC86C91}" = ION EZ Video Converter

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228

"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5

"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare

"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch

"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy

"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish

"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation

"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish

"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French

"{76247198-4962-41BA-B913-8025C5A658C8}" = NetObjects Fusion 8

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn

"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English

"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai

"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{BC650175-58D2-400A-BCF8-B3B473052B70}" = NetObjects Fusion 8

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D4C7DAB9-6623-4D86-9B9A-C9F8903BA4D2}" = MediaImpression 2.0 for PENTAX

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian

"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light

"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese

"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard

"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek

"{F84B62D4-2F12-4F17-A274-ADA8032EB44B}" = Envisioneer Express 7

"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced SystemCare 5_is1" = Advanced SystemCare 5

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"DivX Setup" = DivX Setup

"EPSON Scanner" = EPSON Scan

"ESET Online Scanner" = ESET Online Scanner v3

"FileZilla Client" = FileZilla Client 3.3.4.1

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist 8.0.0.514

"iLivid" = iLivid

"ImgBurn" = ImgBurn

"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5

"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader

"InstallShield_{F84B62D4-2F12-4F17-A274-ADA8032EB44B}" = Envisioneer Express 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"PROPLUS" = Microsoft Office Professional Plus 2007

"SpywareBlaster_is1" = SpywareBlaster 4.6

"TaxACT 2009" = TaxACT 2009

"TaxACT 2010" = TaxACT 2010

"TaxACT 2011 - 1040 Edition" = TaxACT 2011 - 1040 Edition

"TeamViewer 7" = TeamViewer 7

"Theophilos 3.0_is1" = Theophilos 3.0

"TRENDnet 200Mbps Powerline Utility" = TRENDnet 200Mbps Powerline Utility

"VLC media player" = VLC media player 1.1.9

"VLC Setup Helper_is1" = VLC Setup Helper 4.05

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.1

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

"YTdetect" = Yahoo! Detect

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"f031ef6ac137efc5" = Dell Driver Download Manager

"Move Media Player" = Move Media Player

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/1/2012 12:31:48 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/1/2012 12:32:29 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

 

Error - 10/2/2012 12:31:56 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/2/2012 12:32:39 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

 

Error - 10/2/2012 8:48:44 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Users\Rockin Rev\Desktop\New

Briefcase\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/4/2012 12:32:16 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:program files (x86)ESETeset

online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/4/2012 12:33:05 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:program files (x86)windows

livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program

files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

 

Error - 10/5/2012 12:31:59 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:program files (x86)ESETeset

online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error - 10/5/2012 12:32:47 AM | Computer Name = RockinRev-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:program files (x86)windows

livephoto galleryMovieMaker.Exe".Error in manifest or policy file "c:program

files (x86)windows livephoto galleryWLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

 

Error - 10/6/2012 12:00:05 AM | Computer Name = RockinRev-PC | Source = VSS | ID = 8193

Description =

 

[ Dell Events ]

Error - 3/26/2011 8:29:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 4/12/2011 8:06:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 4/12/2011 8:06:27 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 4/15/2011 7:24:51 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 4/15/2011 7:24:51 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/20/2011 6:37:30 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/20/2011 6:37:30 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/27/2011 2:10:24 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/27/2011 2:10:24 PM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 1/11/2012 8:48:41 AM | Computer Name = RockinRev-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

[ OSession Events ]

Error - 5/18/2011 8:13:37 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 3405

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 7/8/2011 7:02:25 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 552821

seconds with 3360 seconds of active time. This session ended with a crash.

 

Error - 9/14/2011 8:35:02 AM | Computer Name = RockinRev-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 22

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 11/1/2012 7:31:05 AM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030

Description = The Advanced SystemCare Service 5 service is marked as an interactive

service. However, the system is configured to not allow interactive services.

This service may not function properly.

 

Error - 11/1/2012 7:41:06 AM | Computer Name = RockinRev-PC | Source = DCOM | ID = 10010

Description =

 

Error - 11/1/2012 7:41:54 AM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7000

Description = The Dock Login Service service failed to start due to the following

error: %%2

 

Error - 11/1/2012 7:45:46 AM | Computer Name = RockinRev-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 10. The internal error state

is 10.

 

Error - 11/1/2012 7:45:46 AM | Computer Name = RockinRev-PC | Source = Schannel | ID = 36888

Description = The following fatal alert was generated: 10. The internal error state

is 10.

 

Error - 11/1/2012 2:21:07 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

 

Error - 11/1/2012 2:23:11 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

 

Error - 11/1/2012 2:26:37 PM | Computer Name = RockinRev-PC | Source = DCOM | ID = 10010

Description =

 

Error - 11/1/2012 2:27:25 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7000

Description = The Dock Login Service service failed to start due to the following

error: %%2

 

Error - 11/1/2012 2:27:31 PM | Computer Name = RockinRev-PC | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error: %%14

 

 

< End of report >


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=380920"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
    FF - prefs.js..browser.search.param.yahoo-type: "${8}"
    [2010/06/08 11:31:24 | 000,000,923 | ---- | M] () -- C:\Users\Rockin Rev\AppData\Roaming\Mozilla\Firefox\Profiles\ybobkun4.default\searchplugins\conduit.xml
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
===================================================

 

On your next reply please post :

OTL fix log

Fresh OTL log

 

Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

 

Good Day!


After reboot it asked to let OTL Exe run and I did and it created the following:

 

 

FilesFolders moved on Reboot...

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

new log:

 

OTL logfile created on: 11/2/2012 9:27:57 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersRockin RevDesktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.75 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 62.67% Memory free

7.50 Gb Paging File | 6.01 Gb Available in Paging File | 80.12% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 451.07 Gb Total Space | 84.95 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

 

Computer Name: ROCKINREV-PC | User Name: Rockin Rev | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersRockin RevDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

PRC - C:WindowsSysWOW64MacromedFlashFlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit)

PRC - C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

PRC - C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation)

PRC - C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:Program Files (x86)Mozilla Firefoxmozjs.dll ()

MOD - C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll ()

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - (DockLoginService) -- C:Program FilesDellDellDockDockLogin.exe File not found

SRV:64bit: - (NisSrv) -- c:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD)

SRV:64bit: - (LBTServ) -- C:Program FilesCommon FilesLogishrdBluetoothLBTServ.exe (Logitech, Inc.)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AERTFilters) -- C:Program FilesRealtekAudioHDAAERTSr64.exe (Andrea Electronics Corporation)

SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

SRV - (AdvancedSystemCareService5) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe (IObit)

SRV - (TeamViewer7) -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (BBSvc) -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE (Microsoft Corporation)

SRV - (FlipShare Service) -- C:Program Files (x86)Flip VideoFlipShareFlipShareService.exe ()

SRV - (FlipShareServer) -- C:Program Files (x86)Flip VideoFlipShareServerFlipShareServer.exe ()

SRV - (GoToAssist) -- C:Program Files (x86)CitrixGoToAssist514g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe (ArcSoft Inc.)

SRV - (rpcapd) -- C:Program Files (x86)WinPcaprpcapd.exe (CACE Technologies, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (YahooAUService) -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe (Yahoo! Inc.)

SRV - (EPSON_EB_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40STB.EXE (SEIKO EPSON CORPORATION)

SRV - (EPSON_PM_RPCV4_01) -- C:ProgramDataEPSONEPW!3 SSRPE_S40RPB.EXE (SEIKO EPSON CORPORATION)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation)

DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:Program FilesDell Support Centerpcdsrvc_x64.pkms (PC-Doctor, Inc.)

DRV:64bit: - (atikmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (VCR2PC) -- C:WindowsSysNativedrivers0140_ION.sys (Trident Multimedia Technologies Co.,Ltd)

DRV:64bit: - (SCDEmu) -- C:WindowsSysNativedriversscdemu.sys (PowerISO Computing, Inc.)

DRV:64bit: - (PxHlpa64) -- C:WindowsSysNativedriversPxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (NPF) -- C:WindowsSysNativedriversnpf.sys (CACE Technologies, Inc.)

DRV:64bit: - (k57nd60a) -- C:WindowsSysNativedriversk57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (AtiHdmiService) -- C:WindowsSysNativedriversAtiHdmi.sys (ATI Technologies, Inc.)

DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (LMouFilt) -- C:WindowsSysNativedriversLMouFilt.Sys (Logitech, Inc.)

DRV:64bit: - (LHidFilt) -- C:WindowsSysNativedriversLHidFilt.Sys (Logitech, Inc.)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiPcie) -- C:WindowsSysNativedriversAtiPcie.sys (Advanced Micro Devices Inc.)

DRV:64bit: - (WimFltr) -- C:WindowsSysNativedriversWimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM..SearchScopes,DefaultScope = {F4F155B9-542E-4132-8E93-719BCAE2D1B6}

IE:64bit: - HKLM..SearchScopes{F4F155B9-542E-4132-8E93-719BCAE2D1B6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLM..SearchScopes,DefaultScope = {38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}

IE - HKLM..SearchScopes{38D94A0A-B4A8-4CD4-8D18-1A1627459FD5}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.my.yahoo.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie

IE - HKCU..SearchScopes,DefaultScope = {09512006-C404-41B9-8064-7DEBD5808D55}

IE - HKCU..SearchScopes{09512006-C404-41B9-8064-7DEBD5808D55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.param.yahoo-fr: ""

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: ""

FF - prefs.js..browser.search.param.yahoo-type: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"

FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145

FF - prefs.js..extensions.enabledAddons: [email protected]_4n.com:2.50.0.56219

 

 

FF:64bit: - [email protected]/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_4_402_287.dll File not found

FF:64bit: - [email protected]/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_4_402_287.dll ()

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]_4n.com/Plugin: C:Program Files (x86)ConservativeTalkNow_4nbar1.binNP4nStub.dll File not found

FF - [email protected]/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)

FF - [email protected]/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF - [email protected]/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - [email protected]/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)

FF - [email protected]/DTPlugin,version=10.5.1: C:WindowsSysWOW64npDeployJava1.dll (Oracle Corporation)

FF - [email protected]/YahooMessengerStatePlugin;version=1.0.0.6: C:Program Files (x86)Yahoo!SharednpYState.dll (Yahoo! Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.1.10329.0npctrl.dll ( Microsoft Corporation)

FF - [email protected]/WLPG,version=14.0.8081.0709: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - [email protected]/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/Quantum Media Player: C:UsersRockin RevAppDataRoamingMove Networkspluginsnpqmp071706000001.dll (Move Networks)

 

FF - [email protected]rvativeTalkNow_4n.com: C:Program Files (x86)ConservativeTalkNow_4nbar1.bin [2012/08/25 18:44:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/10/16 13:57:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsComponents: C:Program Files (x86)Mozilla Thunderbirdcomponents [2012/06/05 19:52:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Thunderbird 3.1.10extensionsPlugins: C:Program Files (x86)Mozilla Thunderbirdplugins [2012/08/15 19:36:28 | 000,000,000 | ---D | M]

FF - [email protected]networks.com: C:UsersRockin RevAppDataRoamingMove Networks [2011/05/04 19:11:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/10/27 08:46:28 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaMozilla Firefox 16.0.2extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2012/10/27 08:46:26 | 000,000,000 | ---D | M]

 

[2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions

[2010/10/08 07:36:56 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaExtensions{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012/10/25 08:41:05 | 000,000,000 | ---D | M] (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions

[2012/10/25 08:41:05 | 000,000,000 | ---D | M] (ConservativeTalkNow) -- C:UsersRockin RevAppData[email protected]ConservativeTalkNow_4n.com

[2012/08/01 20:22:05 | 000,741,958 | ---- | M] () (No name found) -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultextensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2010/12/13 16:43:42 | 000,002,698 | ---- | M] () -- C:UsersRockin RevAppDataRoamingMozillaFirefoxProfilesybobkun4.defaultsearchpluginstwitter.xml

[2012/10/27 08:46:25 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/10/16 13:57:53 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5

[2012/10/27 08:46:28 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2011/08/02 12:07:37 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:Program Files (x86)mozilla firefoxpluginsNPcol400.dll

[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpCouponPrinter.dll

[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:Program Files (x86)mozilla firefoxpluginsnpMozCouponPrinter.dll

[2012/08/30 17:50:20 | 000,002,465 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2012/10/11 19:57:16 | 000,002,058 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

========== Chrome ==========

 

CHR - homepage:

CHR - homepage:

CHR - Extension: YouTube = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2.5_0

CHR - Extension: Google Search = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf0.0.0.19_0

CHR - Extension: DivX Plus Web Player HTML5 u003Cvideou003E = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionsnneajnkjbffgblleaoojgaacokifdkhm2.1.2.145_0

CHR - Extension: Gmail = C:UsersRockin RevAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia7_0

 

O1 HOSTS File: ([2012/11/01 07:18:03 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU..ToolbarWebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4:64bit: - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WindowsKHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKCU..Run: [Weather] C:Program Files (x86)AWSWeatherBugWeather.exe (AWS Convergence Technologies, Inc.)

O4 - HKLM..RunOnce: ["C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe"] "C:Program Files (x86)Dell DataSafe Local BackupComponentsDSUpdateDSUpdate.exe" File not found

O4 - Startup: C:UsersRockin RevAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupDropbox.lnk = C:UsersRockin RevAppDataRoamingDropboxbinDropbox.exe (Dropbox, Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 5

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000007 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000007 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{DB887993-8B81-4006-9962-D38A9B9E9232}: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EC65B112-7899-4765-9125-B7D3AC103FC9}: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyGoToAssist: DllName - (C:Program Files (x86)CitrixGoToAssist514G2AWinLogon_x64.dll) - File not found

O20:64bit: - WinlogonNotifyLBTWlgn: DllName - (c:program filescommon fileslogishrdbluetoothLBTWlgn.dll) - c:Program FilesCommon FilesLogishrdBluetoothLBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/11/02 09:22:39 | 000,000,000 | ---D | C] -- C:_OTL

[2012/11/02 09:21:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe

[2012/11/02 07:36:16 | 000,000,000 | ---D | C] -- C:UsersRockin RevDesktopScan Files

[2012/11/01 14:27:36 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/11/01 14:25:03 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/11/01 07:31:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5

[2012/11/01 07:26:35 | 000,000,000 | ---D | C] -- C:Config.Msi

[2012/11/01 07:08:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/11/01 07:08:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/11/01 07:08:30 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/11/01 07:07:57 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/11/01 07:07:47 | 000,000,000 | ---D | C] -- C:Windowserdnt

[2012/10/28 06:27:40 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft Security Client

[2012/10/28 06:27:27 | 000,000,000 | ---D | C] -- C:Program FilesMicrosoft Security Client

[2012/10/27 08:46:25 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox

[2012/10/16 13:58:51 | 000,000,000 | ---D | C] -- C:UsersRockin RevAppDataLocalDDMSettings

[2012/10/11 07:18:34 | 000,000,000 | ---D | C] -- C:Airprint

[2012/10/09 18:26:22 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativesrcore.dll

[2012/10/09 18:26:15 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNatived3d10level9.dll

[2012/10/09 18:26:04 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativekernel32.dll

[2012/10/09 18:26:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeKernelBase.dll

[2012/10/09 18:26:03 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeconhost.exe

[2012/10/09 18:26:03 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64.dll

[2012/10/09 18:26:03 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll

[2012/10/09 18:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64setup16.exe

[2012/10/09 18:26:02 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64win.dll

[2012/10/09 18:26:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentvdm64.dll

[2012/10/09 18:26:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntvdm64.dll

[2012/10/09 18:26:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64cpu.dll

[2012/10/09 18:26:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64instnm.exe

[2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

[2012/10/09 18:26:02 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-security-base-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-file-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-file-l1-1-0.dll

[2012/10/09 18:26:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wow32.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-threadpool-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processthreads-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-sysinfo-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-synch-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-synch-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-misc-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localregistry-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localization-l1-1-0.dll

[2012/10/09 18:26:02 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localization-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processenvironment-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-namedpipe-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-misc-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-memory-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-memory-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-libraryloader-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-heap-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-heap-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-xstate-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-util-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-string-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-string-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-profile-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-profile-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-io-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-io-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-interlocked-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-handle-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-handle-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-fibers-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-fibers-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-errorhandling-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-delayload-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-delayload-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-debug-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-debug-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-datetime-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-datetime-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-console-l1-1-0.dll

[2012/10/09 18:26:02 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-console-l1-1-0.dll

[2012/10/09 18:26:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64user.exe

[2012/10/09 18:25:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentoskrnl.exe

[2012/10/09 18:25:50 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntkrnlpa.exe

[2012/10/09 18:25:50 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntoskrnl.exe

[2012/10/09 18:25:47 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeOxpsConverter.exe

[2012/10/09 18:25:43 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversRNDISMP.sys

[2012/10/09 18:25:42 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewintrust.dll

[2012/10/09 18:23:39 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecrypt32.dll

[2012/10/09 18:23:35 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativecryptnet.dll

[2012/10/09 18:23:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewin32spl.dll

[2012/10/09 18:23:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64win32spl.dll

[2012/10/09 18:23:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:Windowssplwow64.exe

[2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/11/02 09:31:20 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/02 09:31:20 | 000,014,256 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/02 09:30:42 | 000,779,266 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/11/02 09:30:42 | 000,660,280 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/11/02 09:30:42 | 000,121,208 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/11/02 09:24:21 | 000,000,902 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2012/11/02 09:24:14 | 000,000,506 | ---- | M] () -- C:WindowstasksSystemToolsDailyTest.job

[2012/11/02 09:24:09 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/11/02 09:24:04 | 3019,091,968 | -HS- | M] () -- C:hiberfil.sys

[2012/11/02 09:02:00 | 000,000,906 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2012/11/02 07:01:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersRockin RevDesktopOTL.exe

[2012/11/01 07:31:02 | 000,001,274 | ---- | M] () -- C:UsersPublicDesktopUninstaller.lnk

[2012/11/01 07:31:01 | 000,001,223 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2012/11/01 07:18:03 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/10/28 06:28:02 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif

[2012/10/27 09:41:18 | 000,001,111 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/10/27 09:12:21 | 000,000,824 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/10/25 08:47:56 | 000,000,564 | ---- | M] () -- C:WindowstasksPCDoctorBackgroundMonitorTask.job

[2012/10/16 13:57:56 | 000,001,622 | ---- | M] () -- C:UsersRockin RevDesktopDivX Movies.lnk

[2012/10/16 13:57:31 | 000,001,114 | ---- | M] () -- C:UsersPublicDesktopDivX Plus Player.lnk

[2012/10/09 18:43:46 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2012/10/09 18:43:46 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2012/10/09 18:42:11 | 000,550,600 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2 C:Program Files (x86)*.tmp files -> C:Program Files (x86)*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/11/01 07:31:02 | 000,001,274 | ---- | C] () -- C:UsersPublicDesktopUninstaller.lnk

[2012/11/01 07:31:01 | 000,001,223 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2012/11/01 07:08:30 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/11/01 07:08:30 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/11/01 07:08:30 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/11/01 07:08:30 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/11/01 07:08:30 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/10/28 06:28:02 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif

[2012/10/28 06:27:52 | 000,002,119 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk

[2012/10/16 13:57:31 | 000,001,114 | ---- | C] () -- C:UsersPublicDesktopDivX Plus Player.lnk

[2011/11/19 08:34:13 | 000,000,061 | ---- | C] () -- C:WindowsTaxACT11.ini

[2011/05/21 17:50:00 | 000,000,109 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.351.32.bc

[2011/05/21 17:47:03 | 000,772,990 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/05/12 14:52:31 | 000,001,940 | ---- | C] () -- C:UsersRockin RevAppDataLocal{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:WindowsSysWow64atipblag.dat

[2010/12/14 14:58:13 | 000,004,096 | -H-- | C] () -- C:UsersRockin RevAppDataLocalkeyfile3.drm

[2010/12/13 08:56:41 | 000,000,048 | ---- | C] () -- C:WindowsTaxACT10.ini

[2010/09/15 17:37:18 | 000,009,728 | ---- | C] () -- C:UsersRockin RevAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini

 

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

 

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

"" = %SystemRoot%system32shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64

"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]

"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64

"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:ProgramDataTEMP:5C321E34

 

< End of report >


When I click on new tab while on Firefox myyahoo it comes up as Babylon search, but I have everything else working OK now.

 

thanks

revroy


We will completely remove it and then reinstall it again.

 

Download Revo Uninstaller

  • Double click the installation file on the desktop to run the installer.
  • Let it install to the default location.
  • Double click the new Revo Uninstaller Icon on the desktop to start the program.
You will now see a list of installed programs that Revo Uninstaller can remove.

  • Locate the program you are uninstalling: Firefox

  • Right Click the Icon then choose Uninstall.
  • Click yes to the warning and choose the Uninstall Mode
  • Choose the Advanced option and then click Next.
  • This will launch the program's built-in uninstaller. Be patient; it can take several seconds.
  • Once the uninstaller is done click Next.
  • Revo Uninstaller will now scan for leftover information. Be patient; it can take several seconds.
  • Once this scan is done click Next.
  • You will then be presented with the leftover entries found by Revo Uninstaller.
  • Look at ALL of the entries to ensure they relate to the uninstall.
  • Next click Select All > Delete to remove the entries.
  • Click Next.
  • If there are any program file folders left over you will be presented with a list to be removed.
  • Again look at ALL of the entries to ensure they are related to the uninstall.
  • Click Select All > Delete to remove the entries.
  • Click Finish to go back to the uninstall list.
  • Close the program


DONE!

 

No more Babylon and it seems to be working fine.

 

I really appreciate your time and help.

 

I will perform your next wedding free!

 

Again Thanks

Rev-Roy


Great!

 

Some cleanups and off you go.

 

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
===================================================

 

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste the code into the Run box and click OK. Note the space between the ..X and the /U; it needs to be there.
Combofix /Uninstall
