
Ran combofix against common sense


18 replies to this topic

#1 Dede-san


Posted 29 January 2013 - 03:25 PM

I had many years ago decided against combofix, paying attention to the warnings of the site. Yet somehow in the last few weeks I have run it three times on my brand new system (somehow forgetting my earlier resolution and even the entire program).

Anyway, here are the logs (the most. It's also messed up my autorun (I think) and probably my monitor drivers. System restore seems out of the question as the earliest one is at least a week after this run. Do I need to do a clean install?


ComboFix 13-01-08.01 - Lumzi 01/09/2013 13:13:06.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8145.5814 [GMT 1:00]
Running from: c:\users\Lumzi\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 12:15 . 2013-01-09 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-08 14:38 . 2013-01-08 14:39 -------- d-----w- c:\program files\Paint.NET
2013-01-08 12:39 . 2013-01-08 12:39 -------- d-----w- c:\program files\GIMP 2
2013-01-07 18:22 . 2013-01-07 18:22 -------- d-----w- c:\program files (x86)\DefaultTab
2013-01-07 18:12 . 2013-01-07 18:12 -------- d-----w- c:\programdata\APN
2013-01-07 17:08 . 2013-01-07 17:08 -------- d-----w- c:\program files (x86)\Ambient Design
2013-01-05 01:17 . 2013-01-05 01:17 -------- d-----w- c:\program files (x86)\Common Files\DAZ
2013-01-05 01:16 . 2013-01-05 01:16 -------- d-----w- c:\program files\DAZ 3D
2013-01-04 23:47 . 2013-01-04 23:47 -------- d-----w- c:\program files\PerformanceTest
2013-01-04 13:52 . 2013-01-04 14:45 -------- d-----w- c:\program files (x86)\Guild Wars 2
2013-01-04 13:32 . 2013-01-04 13:32 -------- d-----w- c:\users\Public\CyberLink
2013-01-04 13:16 . 2013-01-04 13:16 -------- d-----w- c:\program files (x86)\UltraISO
2013-01-04 13:16 . 2013-01-04 13:16 -------- d-----w- c:\program files (x86)\Common Files\EZB Systems
2013-01-04 13:14 . 2012-10-24 13:17 67224 ----a-w- c:\windows\system32\vsocklib.dll
2013-01-04 13:14 . 2012-10-24 13:17 70296 ----a-w- c:\windows\system32\drivers\vsock.sys
2013-01-04 13:14 . 2012-10-24 13:17 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
2013-01-04 13:14 . 2012-11-01 01:34 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
2013-01-04 13:14 . 2012-11-01 01:35 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2013-01-04 13:14 . 2012-11-01 01:34 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
2013-01-04 13:14 . 2012-11-01 01:34 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2013-01-04 13:14 . 2012-11-01 01:35 933528 ----a-w- c:\windows\system32\vnetlib64.dll
2013-01-04 13:14 . 2012-10-11 16:15 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
2013-01-04 13:13 . 2013-01-04 13:13 -------- d-----w- c:\program files\Common Files\VMware
2013-01-04 13:13 . 2013-01-09 12:16 -------- d-----w- c:\programdata\VMware
2013-01-04 13:13 . 2013-01-04 13:13 -------- d-----w- c:\program files (x86)\VMware
2013-01-04 13:13 . 2013-01-04 13:13 -------- d-----w- c:\program files (x86)\Common Files\VMware
2013-01-04 11:03 . 2013-01-06 16:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-01-04 10:56 . 2013-01-04 10:56 -------- d-----w- c:\programdata\ALM
2013-01-04 10:49 . 2013-01-04 10:58 -------- d-----w- c:\program files\Adobe
2013-01-04 10:48 . 2013-01-04 10:58 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-04 10:47 . 2013-01-04 10:47 -------- d-----w- c:\program files (x86)\Adobe Media Player
2013-01-04 10:46 . 2013-01-04 10:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-01-04 01:19 . 2013-01-04 01:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-04 01:19 . 2013-01-04 01:19 -------- d-----w- c:\windows\system32\Macromed
2013-01-03 23:36 . 2013-01-03 23:36 -------- d-----w- c:\programdata\AdFender
2013-01-03 23:35 . 2013-01-03 23:36 -------- d-----w- c:\program files (x86)\AdFender
2012-12-25 20:24 . 2012-12-25 20:24 -------- d-----w- c:\program files (x86)\MonitorTest
2012-12-25 20:20 . 2012-12-25 20:21 -------- d-----w- c:\programdata\firebird
2012-12-25 20:12 . 2013-01-04 23:47 -------- d-----w- c:\programdata\PassMark
2012-12-25 20:12 . 2012-12-25 20:12 -------- d-----w- c:\program files\OSForensics
2012-12-25 14:11 . 2012-12-25 14:53 -------- d-----w- C:\Fraps
2012-12-25 10:30 . 2012-12-25 10:30 -------- d-----w- C:\WTablet
2012-12-25 10:27 . 2013-01-05 16:52 -------- d-----w- c:\programdata\Corel Painter 12
2012-12-25 09:27 . 2008-12-11 17:54 4949800 ------w- c:\windows\system32\PenTablet.cpl
2012-12-25 09:27 . 2007-02-15 23:11 12976 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2012-12-25 09:27 . 2008-08-18 21:45 15272 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-12-25 09:27 . 2007-02-16 18:12 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-12-25 09:27 . 2008-10-06 17:53 18216 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-12-25 09:27 . 2012-12-25 10:25 -------- d-----w- c:\windows\system32\WTablet
2012-12-25 09:27 . 2008-12-11 17:59 186152 ----a-w- c:\windows\SysWow64\Pen_Tablet.dll
2012-12-25 09:27 . 2008-12-11 17:58 227624 ----a-w- c:\windows\system32\Pen_Tablet.dll
2012-12-25 09:27 . 2008-12-11 18:05 3589416 ------w- c:\windows\system32\Pen_Tablet.exe
2012-12-25 09:27 . 2012-12-25 10:26 -------- d-----w- c:\program files (x86)\Tablet
2012-12-24 23:24 . 2013-01-07 16:23 -------- d-----w- c:\programdata\Corel
2012-12-24 22:22 . 2012-12-24 22:22 -------- d-----w- c:\programdata\boost_interprocess
2012-12-24 22:20 . 2012-12-24 22:20 -------- d-----w- c:\programdata\FLEXnet
2012-12-24 22:14 . 2012-12-24 22:14 -------- d-----w- c:\program files\NVIDIA Corporation
2012-12-24 22:09 . 2012-12-24 22:09 -------- d-----w- c:\program files\Common Files\Softimage
2012-12-24 22:09 . 2012-12-24 22:09 -------- d-----w- c:\program files (x86)\Common Files\Softimage
2012-12-24 22:07 . 2012-12-24 22:07 -------- d-----w- c:\program files (x86)\Autodesk
2012-12-24 22:05 . 2012-12-24 22:09 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-12-24 22:05 . 2012-12-24 22:05 -------- d-----w- c:\program files\Common Files\Alias Shared
2012-12-24 22:05 . 2012-12-24 22:05 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-12-24 22:05 . 2012-12-24 22:08 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-12-24 22:04 . 2012-12-24 22:14 -------- d-----w- c:\program files\Autodesk
2012-12-24 21:54 . 2012-12-24 22:27 -------- d-----w- c:\programdata\Autodesk
2012-12-24 17:36 . 2012-12-24 17:36 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-24 17:36 . 2012-12-24 17:36 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-12-24 15:19 . 2012-12-24 15:19 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-24 15:19 . 2012-12-24 15:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-12-24 09:38 . 2012-12-24 09:38 -------- d-----w- c:\program files\Rainmeter
2012-12-24 08:04 . 2012-12-24 08:04 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-24 08:04 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-24 08:03 . 2012-12-24 08:03 -------- d-----w- c:\program files\iPod
2012-12-24 08:03 . 2012-12-24 08:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-24 08:03 . 2012-12-24 08:03 -------- d-----w- c:\program files\iTunes
2012-12-24 08:03 . 2012-12-24 08:03 -------- d-----w- c:\program files (x86)\iTunes
2012-12-24 08:03 . 2012-12-24 08:03 -------- d-----w- c:\programdata\Apple Computer
2012-12-24 08:02 . 2012-12-24 08:02 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-12-24 08:02 . 2012-12-24 08:02 -------- d-----w- c:\program files\Common Files\Apple
2012-12-24 08:02 . 2012-12-24 08:02 -------- d-----w- c:\program files\Bonjour
2012-12-24 08:02 . 2012-12-24 08:02 -------- d-----w- c:\program files (x86)\Bonjour
2012-12-24 08:02 . 2012-12-24 08:03 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-12-24 08:02 . 2012-12-24 08:02 -------- d-----w- c:\programdata\Apple
2012-12-23 17:11 . 2012-12-23 17:11 -------- d-----w- c:\program files (x86)\foobar2000
2012-12-23 16:37 . 2012-12-23 16:37 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2012-12-23 08:20 . 2012-12-23 08:20 -------- d-----w- c:\programdata\Logitech
2012-12-23 08:20 . 2012-12-23 08:20 -------- d-----w- c:\program files (x86)\Logitech
2012-12-23 08:20 . 2012-12-23 08:20 -------- d-----w- c:\program files\Logitech
2012-12-22 10:39 . 2012-12-22 10:39 -------- d-----w- c:\program files (x86)\USBFast
2012-12-22 10:39 . 2006-02-17 22:19 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2012-12-22 10:39 . 2001-08-30 05:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb
2012-12-22 10:39 . 1998-07-22 08:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2012-12-22 10:39 . 1998-07-22 08:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2012-12-22 10:39 . 1998-06-24 08:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2012-12-22 10:39 . 2013-01-09 11:28 -------- d-----w- c:\program files (x86)\lg_fwupdate
2012-12-22 10:36 . 2012-12-22 10:36 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-12-22 10:36 . 2012-12-22 10:36 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-12-22 10:36 . 2012-12-22 10:36 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-12-22 10:33 . 2012-12-22 10:40 -------- d-----w- c:\program files (x86)\CyberLink
2012-12-22 10:32 . 2012-12-22 10:46 -------- d-----w- c:\programdata\CyberLink
2012-12-22 08:16 . 2013-01-03 20:02 -------- d-----w- c:\program files (x86)\Paradox
2012-12-21 18:42 . 2012-12-21 18:42 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-21 18:41 . 2012-12-21 18:41 -------- d-----w- c:\program files\Futuremark
2012-12-21 14:19 . 2012-12-21 14:19 -------- d-----w- c:\programdata\ATI
2012-12-21 14:18 . 2012-12-21 14:18 -------- d-----w- c:\program files (x86)\AMD APP
2012-12-21 14:14 . 2012-12-21 14:14 -------- d-----w- C:\AMD
2012-12-21 05:13 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-21 05:13 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-21 05:13 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-12-21 05:13 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-21 05:13 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-12-21 05:13 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-12-21 05:13 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-21 05:13 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-12-21 05:13 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-12-21 05:13 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-12-21 05:13 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-12-20 23:44 . 2013-01-09 11:28 -------- d-----w- c:\program files (x86)\Steam
2012-12-20 22:54 . 2012-12-20 22:54 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-20 22:19 . 2012-12-20 22:19 -------- d-----w- c:\program files (x86)\THQ
2012-12-20 22:06 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-20 22:06 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-20 22:06 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-20 21:58 . 2012-11-28 23:58 67413224 ----a-w- c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-02 11:26 . 2012-12-02 11:26 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-12-02 11:26 . 2012-12-02 11:26 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-12-02 11:26 . 2012-12-02 11:26 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-12-02 11:26 . 2012-12-02 11:26 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-12-02 11:26 . 2012-12-02 11:26 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-12-02 11:26 . 2012-12-02 11:26 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-12-02 11:21 . 2012-12-02 11:21 28738048 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-12-02 11:17 . 2012-12-02 11:17 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-02 11:16 . 2012-12-02 11:16 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-12-02 08:31 . 2012-04-06 01:34 5626536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17 23455744 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-12-02 07:59 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-04-06 02:21 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-04-06 02:20 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46 6684672 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-12-02 07:41 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-04-06 01:22 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-04-06 01:54 7378944 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-12-02 07:24 6781440 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-02 07:18 . 2012-12-02 07:18 79360 ----a-w- c:\windows\system32\amdave64.dll
2012-12-02 07:18 . 2012-12-02 07:18 78336 ----a-w- c:\windows\SysWow64\amdave32.dll
2012-12-02 07:18 . 2012-12-02 07:18 74240 ----a-w- c:\windows\system32\atisamu64.dll
2012-12-02 07:18 . 2012-12-02 07:18 71168 ----a-w- c:\windows\SysWow64\atisamu32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 546816 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-04-06 01:09 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-04-06 01:09 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2012-04-06 01:09 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-01 01:34 . 2012-11-01 01:34 62104 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-11-01 01:34 . 2012-11-01 01:34 45720 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-11-01 01:34 . 2012-11-01 01:34 48792 ----a-w- c:\windows\system32\vnetinst.dll
2012-11-01 01:34 . 2012-11-01 01:34 24216 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-11-01 01:34 . 2012-11-01 01:34 20120 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-11-01 00:02 . 2012-11-01 00:02 353280 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-10-24 13:17 . 2012-10-24 13:17 85104 ----a-w- c:\windows\system32\drivers\vmci.sys
2012-10-16 08:38 . 2012-12-20 00:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-20 00:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-20 00:24 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 16:15 . 2012-10-11 16:15 37680 ----a-w- c:\windows\system32\drivers\vmusb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-18 839488]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-20 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe" [2012-03-16 740704]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2008-09-19 548864]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-11-01 104088]
.
c:\users\Lumzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe [2012-6-20 2772112]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-12-16 41144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Display Manager.lnk - c:\program files (x86)\Dell\Dell Display Manager\ddm.exe [2012-12-20 505560]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-5-30 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/12/22 02:37;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-08 246224]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-24 1431888]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 48416]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys [2011-09-16 32360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2011-06-15 48416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-19 1255736]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-05-20 19264]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2012-10-24 85104]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2012-10-24 70296]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2012-05-31 32400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-06-01 920736]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-06-01 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [2012-05-25 1475744]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-09-29 249856]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-02 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2011-06-15 32544]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-01 13234176]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 cmudaxp;ASUS Xonar Essence STX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2012-05-17 26136]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-05-20 357184]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-05-20 789824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-06-12 726160]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-04 01:19]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 22:35]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19 22:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-16 07:37 1506656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-13 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 4195848]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 8.8.8.8 198.6.1.1 41.184.95.3
TCP: Interfaces\{7555AE35-8EE7-457A-BA91-368D7504862A}: NameServer = 10.109.2.97 10.199.212.120
TCP: Interfaces\{CC615119-B75D-4885-94FE-2FB34F87766A}: NameServer = 10.109.5.97 10.109.2.97
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
AddRemove-DefaultTab - c:\users\Lumzi\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
c:\program files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-01-09 13:20:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-09 12:20
ComboFix2.txt 2012-12-23 01:08
.
Pre-Run: 398,232,842,240 bytes free
Post-Run: 398,032,740,352 bytes free
.
- - End Of File - - A0680F9DCD3054BE6A01081F9C89A3B3

Edited by Dede-san, 29 January 2013 - 03:30 PM.




#2 The Dark Knight


Posted 03 February 2013 - 04:44 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

As you may have realised, running ComboFix without the supervision of a helper can be rather dangerous, as it has some very powerful functions. Why did you run it? What did you notice was different about your computer?

It's also messed up my autorun (i think)

Yes, ComboFix disables autoruns because they are a good way to get infections. Please see the below link to re-enable autoruns if you wish:

http://www.techsupportforum.com/forums/f10/how-to-enable-autorun-370598.html


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. Please download and install one of these excellent free antivirus programs:

AntiVir.
avast!.
Microsoft Security Essentials.

=====

Where is your internet provider from? I notice that you have an IP address linked to Nigeria, which is why I ask.

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Please post the log from AdwCleaner in your reply. What issues are on your computer? Redirects, slowness, popups etc?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 Dede-san


Posted 03 February 2013 - 09:41 AM



I ran combofix after I saw it used on a video. The only big thing I noticed was that my autorun wouldn't work. I also think it deleted some registries. I am not sure but sometimes I THINK my browser would shrink automatically. I am not sure though because I think my mouse pointer was near the button.

I have Microsoft Security Essentials. Is it safe to use alongside Malwarebytes (I heard they play well together but I thought I should ask)?

My ISP is Nigerian (it's where I live).

I am away from my desktop now (on my laptop in a different city for something important). I ran it on my laptop though (will do my desktop when I get back). Here is the log:

# AdwCleaner v2.109 - Logfile created 02/03/2013 at 15:38:46
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lumzi23 - LUMZI
# Boot Mode : Normal
# Running from : C:\Users\Lumzi23\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Program Files (x86)\Softonic-Eng7
Folder Found : C:\Program Files (x86)\Winamp Toolbar
Folder Found : C:\Program Files (x86)\Wisdom-soft
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Users\Lumzi23\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Lumzi23\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Lumzi23\AppData\Local\Wisdom-soft
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\Conduit
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Lumzi23\AppData\LocalLow\Softonic-Eng7
Folder Found : C:\Users\Lumzi23\AppData\Roaming\Mozilla\Firefox\Profiles\7tv8ca3o.default\extensions\info@allpremiumplay.info
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKCU\Software\Wisdom-soft
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0C7E8FAC-98E4-4E86-A43E-352D4558BE88}
Key Found : HKLM\Software\Softonic-Eng7
Key Found : HKLM\Software\Winamp Toolbar
Key Found : HKLM\Software\Wisdom-soft
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0C7E8FAC-98E4-4E86-A43E-352D4558BE88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74B22D7E-6319-4CBD-8505-99D67C38BBEF}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD7BDBF-07A8-4AF4-A53A-0FCDDDA6C085}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wisdom-soft Toolbar
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-656464138-633005196-3193980910-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-656464138-633005196-3193980910-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Lumzi23\AppData\Roaming\Mozilla\Firefox\Profiles\7tv8ca3o.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mail.google.com,mystart[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Lumzi23\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.52.1100.0

File : C:\Users\Lumzi23\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16704 octets] - [03/02/2013 15:38:46]

########## EOF - C:\AdwCleaner[R1].txt - [16765 octets] ##########

#4 The Dark Knight


Posted 03 February 2013 - 03:38 PM

Good morning Dede-san. :)

I have Microsoft Security Essentials. Is it safe to use alongside Malwarebytes (I heard they play well together but I thought I should ask)?

Yes. That works fine.

Please do the following to re-run AdwCleaner:
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

How is your computer currently running?



#5 Dede-san


Posted 03 February 2013 - 08:49 PM

Here is the log. It's running fine, I guess; a little noisy but fine.

# AdwCleaner v2.109 - Logfile created 02/04/2013 at 02:39:30
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Lumzi23 - LUMZI
# Boot Mode : Normal
# Running from : C:\Users\Lumzi23\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Softonic-Eng7
Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
Folder Deleted : C:\Program Files (x86)\Wisdom-soft
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Users\Lumzi23\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Lumzi23\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Lumzi23\AppData\Local\Wisdom-soft
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Lumzi23\AppData\LocalLow\Softonic-Eng7
Folder Deleted : C:\Users\Lumzi23\AppData\Roaming\Mozilla\Firefox\Profiles\7tv8ca3o.default\extensions\info@allpremiumplay.info
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Lumzi23\AppData\Roaming\Mozilla\Firefox\Profiles\7tv8ca3o.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mail.google.com,mystart[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Lumzi23\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.52.1100.0

File : C:\Users\Lumzi23\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [16799 octets] - [03/02/2013 15:38:46]
AdwCleaner[S1].txt - [15908 octets] - [04/02/2013 02:39:30]

########## EOF - C:\AdwCleaner[S1].txt - [15969 octets] ##########

#6 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:02:37 PM

Posted 04 February 2013 - 12:44 AM

Good afternoon Dede-san,

OK good to hear that things on your computer are running well.


Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#7 The Dark Knight


Posted 10 February 2013 - 05:17 AM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.




#8 Dede-san


Posted 14 February 2013 - 03:16 PM

Sorry, I ran out of mobile internet and am back on my main PC (the one with the issue). It seems to be running fine so far. Should I repeat the scans I did on my laptop with the various software on my desktop?



#9 The Dark Knight


Posted 14 February 2013 - 03:32 PM

Hey Dede-san,

Just proceed with the ESET scan please.



#10 The Dark Knight


Posted 19 February 2013 - 03:18 PM

Are you still with us? This topic will be closed in a few days if we do not hear back from you.




#11 Dede-san


Posted 20 February 2013 - 12:34 AM

Sorry for the extremely long wait.

Here is the log:


ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7e6ab48035746f49a4f1c35dd488549e
# engine=13195
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-20 05:31:59
# local_time=2013-02-20 06:31:59 (+0100, W. Europe Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 3600728 113803369 0 0
# scanned=295893
# found=0
# cleaned=0
# scan_time=5762
 
Also, the site you linked about the autorun registry thing shows what the values should be changed to, not necessarily how to change them. Is there any way you could help me with that?


#12 The Dark Knight


Posted 20 February 2013 - 01:48 AM

Hello Dede-san,

In post number 7, the user refers to two Registry Hives. Did you access either of those?

=====


Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




#13 The Dark Knight


Posted 23 February 2013 - 04:25 PM

Just a side note: I am away until Tuesday.




#14 Dede-san


Posted 24 February 2013 - 12:30 AM

 Results of screen317's Security Check version 0.99.59  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
  Adobe Flash Player 11.5.502.149 Flash Player out of Date!  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#15 Dede-san


Posted 24 February 2013 - 12:32 AM

Also, I don't see anything about registry hives.





