
reinstalling Extender Player


  • This topic is locked
17 replies to this topic

#1 juley

juley

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 AM

Posted 02 June 2013 - 07:31 AM

Hello,

My computer is in really bad shape, and I hope I can fix it with your help.

When I start Windows normally, there is always this pop-up, which freezes my computer:
Invalid or missing resource files in the installation directory. please re-install extender player.

 

I use Trend Micro and I tried to find the source, but it didn't work. As I am not very good with computers, I hope you can help me solve this problem.

I read another member's post, who I guess had the same problem, so I am going to send you the results of DDS as well.

 

Thank you

Attached Files


Edited by Queen-Evie, 02 June 2013 - 08:26 AM.
Moved from Windows 7 to the appropriate forum. DDS logs are allowed only in MRL forum.




#2 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 07 June 2013 - 05:24 AM

Hi and Welcome!! Juley :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, with the loss of all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them,
with Admin Rights (right-click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

======================

Sorry for any delay....do you still need help?
 


- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#3 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 10 June 2013 - 10:43 PM

Topic reopened

Edited by Robybel, 10 June 2013 - 11:02 PM.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#4 juley

juley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 AM

Posted 10 June 2013 - 11:11 PM

Hi and Welcome!! Juley :)

My name is Robybel.

I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, with the loss of all your programs and data.


Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them,
with Admin Rights (right-click, choose "Run as Administrator").


Stay with this topic until I give you the all clean post.

Having said that....Let's get going!! ;)

======================

Sorry for any delay....do you still need help?
 

 

 

 

Hello,

 

OK, and thank you for helping me out here. Yes, I am waiting for your response.

 

 

:rolleyes: 


Edited by juley, 11 June 2013 - 07:21 AM.


#5 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 11 June 2013 - 09:12 PM

Hi juley :)

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • Another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :
  • checkup.txt
  • AdwCleaner[S1].txt
  • JRT.txt
  • All RKreport.txt

Let me know if you have any problems performing the steps above, or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.
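The reply above asks for AdwCleaner[S1].txt, and the AdwCleaner v2.x logs posted in threads like this one tend to run to hundreds of lines. The helper below is an added example written for this page; it is not part of the thread, of AdwCleaner, or of any other tool named here. It parses the AdwCleaner v2.x log layout (section headers of the form `***** [Registry] *****`, followed by `Key Deleted :`, `Value Deleted :`, `Deleted on reboot :` and `Deleted : user_pref(...)` lines) and summarises what the tool removed: counts per registry hive, Run-key autorun values, Browser Helper Object registrations, the CLSIDs involved, and Firefox preferences per extension id. The section names and line prefixes are taken from the log format shown in this thread; the short sample log embedded in the block is constructed for the example in that same format.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner v2.x log format seen in this thread.
SAMPLE_LOG = r"""# AdwCleaner v2.303 - Logfile created 06/12/2013 at 17:47:25
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Mozilla Firefox v20.0.1 (en-US)

Deleted : user_pref("extensions.crossriderapp26278.26278.name", "Solid Savings");
Deleted : user_pref("extensions.crossriderapp26278.26278.active", true);
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
# Action prefixes used by AdwCleaner v2.x; longer prefixes first so
# "Deleted on reboot" is not swallowed by the bare "Deleted" alternative.
ACTION_RE = re.compile(
    r"^(Key Deleted|Value Deleted|Deleted on reboot|Folder Deleted|File Deleted|Deleted) : (.*)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Firefox pref lines look like user_pref("extensions.<extid>.<...>", ...)
PREF_RE = re.compile(r'user_pref\("extensions\.([^.]+)\.')


def parse_adwcleaner_log(text):
    """Return {section_name: [(action, target), ...]} for every action line."""
    sections = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        m = ACTION_RE.match(line)
        if m:
            sections.setdefault(current, []).append((m.group(1), m.group(2)))
    return sections


def summarize(sections):
    """Condense the parsed log into the facts a responder checks first."""
    reg = sections.get("Registry", [])
    by_hive = Counter(target.split("\\", 1)[0] for _, target in reg)
    guids = {g.upper() for _, target in reg for g in GUID_RE.findall(target)}
    # Values under ...\CurrentVersion\Run are persistence entries; they are
    # the ones worth re-checking after the reboot AdwCleaner performs.
    autoruns = [t for a, t in reg if a == "Value Deleted" and "\\CurrentVersion\\Run [" in t]
    bhos = [t for _, t in reg if "\\Browser Helper Objects\\" in t]
    prefs_by_ext = Counter()
    for action, target in sections.get("Internet Browsers", []):
        m = PREF_RE.match(target) if action == "Deleted" else None
        if m:
            prefs_by_ext[m.group(1)] += 1
    return {
        "files": [t for _, t in sections.get("Files / Folders", [])],
        "registry_by_hive": dict(by_hive),
        "guids": guids,
        "autorun_values": autoruns,
        "bho_keys": bhos,
        "pref_extensions": dict(prefs_by_ext),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_adwcleaner_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it against a saved AdwCleaner[S1].txt by reading the file into `parse_adwcleaner_log` instead of `SAMPLE_LOG`. The GUID set is useful on its own: the same CLSID usually appears under `Classes\CLSID`, `Browser Helper Objects`, `Ext\Settings` and `Toolbar`, so a single id ties a toolbar's scattered registrations together when reading the full log.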

 

 


#6 juley

juley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 AM

Posted 12 June 2013 - 05:33 PM

Hi Robybel,

 

Below you can find all that you asked for; please let me know if I need to add something as well.

 

Thank you for your help

  • checkup.txt

 

 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Titanium Internet Security 2012   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 37  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox 20.0.1 Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
  • AdwCleaner[S1].txt

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 17:47:25
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Juley - Juley-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Juley\Downloads\adwcleaner.exe
# Option [Delete]
 
 
 
 
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\ProgramData\Browser Manager
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Babylon
Key Deleted : HKCU\Software\ChatZum Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\ChatZum Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BabyDict
Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GameTreatWidget.GameTreatWidget
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2086743
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103DFC4E-147A-5606-9B4E-1C216DF227A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44d07caa-4fc4-5a84-9951-a485ad808d0e}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16576
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
File : C:\Users\Juley\AppData\Roaming\Mozilla\Firefox\Profiles\913v98ta.default\prefs.js
 
C:\Users\Juley\AppData\Roaming\Mozilla\Firefox\Profiles\913v98ta.default\user.js ... Deleted !
 
[OK] File is clean.
 
File : C:\Users\Juley\AppData\Roaming\Mozilla\Firefox\Profiles\9fc77lyl.default-1358347465405\prefs.js
 
C:\Users\Juley\AppData\Roaming\Mozilla\Firefox\Profiles\9fc77lyl.default-1358347465405\user.js ... Deleted !
 
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationTime", 1360849790);
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.searchUserConifrmation", fal[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.active", true);
Deleted : user_pref("extensions.crossriderapp26278.26278.addressbar", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp26278.26278.backgroundver", 3);
Deleted : user_pref("extensions.crossriderapp26278.26278.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp26278.26278.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallationTime.value", "1360849790");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_aoi.value", "1360849790");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.expiration", "Thu Feb 14 2[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_arbitrary_code.value", "%22%28function%28[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.expiration", "Thu Feb 14 2013 0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_cf_bu1.value", "1360850364");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.expiration", "Thu Feb 21 201[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_country_code.value", "%22CA%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_crr.value", "1360850358");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_currenttime.value", "%221360798004%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_installtime.value", "%221360789568%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_parent_zoneid.value", "%22142728%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_pc_20120828.value", "1360849891604");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_product_id.value", "%221383%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie._GPL_zoneid.value", "%22143664%22");
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.cookie.dbtest.value", "1360849887051");
Deleted : user_pref("extensions.crossriderapp26278.26278.description", "Solid Savings");
Deleted : user_pref("extensions.crossriderapp26278.26278.domain", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.group", 0);
Deleted : user_pref("extensions.crossriderapp26278.26278.homepage", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.iframe", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_appVer.value", "5");
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_lastVersion.value", "1");
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.expiration", "Thu Feb [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp26278.26278.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.name", "Solid Savings");
Deleted : user_pref("extensions.crossriderapp26278.26278.newtab", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.opensearch", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_1000015.ver", 32);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp26278.26278.pluginsversion", 2);
Deleted : user_pref("extensions.crossriderapp26278.26278.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp26278.26278.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp26278.26278.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp26278.26278.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.thankyou", "");
Deleted : user_pref("extensions.crossriderapp26278.26278.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp26278.26278.ver", 5);
Deleted : user_pref("extensions.crossriderapp26278.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp26278.apps", "26278");
Deleted : user_pref("extensions.crossriderapp26278.bic", "13cd8f914cb44d3387a3a837589fea06");
Deleted : user_pref("extensions.crossriderapp26278.cid", 26278);
Deleted : user_pref("extensions.crossriderapp26278.firstrun", false);
Deleted : user_pref("extensions.crossriderapp26278.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp26278.installationdate", 1360849868);
Deleted : user_pref("extensions.crossriderapp26278.lastcheck", 22680831);
Deleted : user_pref("extensions.crossriderapp26278.lastcheckitem", 22680839);
Deleted : user_pref("extensions.crossriderapp26278.modetype", "production");
Deleted : user_pref("extensions.crossriderapp26278.reportInstall", true);
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Juley\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [3362 octets] - [12/06/2013 17:44:35]
AdwCleaner[S2].txt - [26104 octets] - [12/06/2013 17:47:25]
 
########## EOF - C:\AdwCleaner[S2].txt - [26165 octets] ##########
 

 

  • JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Juley on 12/06/2013 at 18:02:20.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\word\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1ECD7789-E672-4084-BFBB-F7818A712682}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B2FB0F9D-433A-4066-B770-0DB97E572E79}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files (x86)\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
Successfully deleted: [File] "C:\Users\Juley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Juley\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Users\Juley\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Juley\appdata\locallow\radiorage_4j"
Successfully deleted: [Folder] "C:\Users\Juley\appdata\locallow\radiorage_4jei"
Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files (x86)\radiorage_4jei"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/06/2013 at 18:07:52.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
RKreport.txt

 

1)
 
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Juley [Admin rights]
Mode : Scan -- Date : 06/12/2013 18:11:35
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] {45500098-9BE1-4E75-860A-A4AB490B899C} : C:\Users\Juley\Desktop\voice.exe  [x] -> FOUND
[TASK][SUSP PATH] {B5079353-E9E9-4710-9F5A-295D873BF93A} : C:\Users\Juley\Desktop\voice.exe  [x] -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HM641JX +++++
--- User ---
[MBR] e48eda79150948c479ded098a8eaf95e
[BSP] 26faae89569724d2999fd71370311268 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10408 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21319680 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21524480 | Size: 599969 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_06122013_02d1811.txt >>
RKreport[1]_S_06122013_02d1811.txt
 
2)
 
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Juley [Admin rights]
Mode : Remove -- Date : 06/12/2013 18:13:06
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] {45500098-9BE1-4E75-860A-A4AB490B899C} : C:\Users\Juley\Desktop\voice.exe  [x] -> DELETED
[TASK][SUSP PATH] {B5079353-E9E9-4710-9F5A-295D873BF93A} : C:\Users\Juley\Desktop\voice.exe  [x] -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SAMSUNG HM641JX +++++
--- User ---
[MBR] e48eda79150948c479ded098a8eaf95e
[BSP] 26faae89569724d2999fd71370311268 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10408 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21319680 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21524480 | Size: 599969 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_06122013_02d1813.txt >>
RKreport[1]_S_06122013_02d1811.txt ; RKreport[2]_D_06122013_02d1813.txt
 
 
 

3)

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Juley [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/12/2013 18:18:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 59 / Fail 0
Start menu: Success 3 / Fail 0
User folder: Success 477 / Fail 0
My documents: Success 7 / Fail 7
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 673 / Fail 0
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
 
Finished : << RKreport[3]_SC_06122013_02d1818.txt >>
RKreport[1]_S_06122013_02d1811.txt ; RKreport[2]_D_06122013_02d1813.txt ; RKreport[3]_SC_06122013_02d1818.txt
 
 
 

 

:)
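
The logs posted above show the same handful of persistence and lock-out tricks across three tools: a scheduled task whose action is an executable on the Desktop, HKCU policies that disable Task Manager and Registry Editor, desktop icons forced hidden through NewStartPanel, an AppInit_DLLs value, and hijacked Internet Explorer search scopes. The following read-only PowerShell triage script is an added example written for this page; it is not part of the thread and is not code from AdwCleaner, JRT or RogueKiller. It re-checks those exact locations so a second pair of eyes can confirm the fixes took, without deleting anything. Assumptions (the author's, not the page's): it is run in an elevated PowerShell on Windows 7 or later, the schtasks CSV column names are the English ones, and the list of "user-writable" path fragments is a judgement call, so every row it prints is something to review rather than a verdict.

```powershell
# Added triage script (not from the thread or from the tools quoted above).
# Read-only: it reports, it does not change anything.
# Assumptions: elevated shell, English schtasks column names, and the
# $suspiciousRoots list below is the author's own choice of user-writable paths.

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Kind, [string]$Where, [string]$What) {
    [void]$findings.Add((New-Object PSObject -Property @{ Kind = $Kind; Where = $Where; What = $What }))
}

# 1. AppInit_DLLs: any non-empty value is a DLL injected into every process
#    that loads user32.dll (JRT reported repairing this value above).
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -and $p.AppInit_DLLs) {
        Add-Finding 'AppInit_DLLs' $key ("AppInit_DLLs='{0}' LoadAppInit_DLLs={1}" -f $p.AppInit_DLLs, $p.LoadAppInit_DLLs)
    }
}

# 2. Policies that hide the tools a user would reach for (RogueKiller [HJPOL]).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools', 'DisableCMD') {
        if ($p -and $p.$name) { Add-Finding 'Policy' $key "$name=$($p.$name)" }
    }
}

# 3. Desktop icons forced hidden (RogueKiller [HJ DESK]: NewStartPanel CLSID = 1).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel"
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p) {
        $p.PSObject.Properties | Where-Object { $_.Name -like '{*}' -and $_.Value -eq 1 } |
            ForEach-Object { Add-Finding 'HiddenDesktopIcon' $key $_.Name }
    }
}

# 4. IE search scopes: list every provider URL so a hijacked one stands out
#    (JRT repaired one SearchScopes URL and deleted three scope keys above).
foreach ($hive in 'HKCU', 'HKLM') {
    Get-ChildItem "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes" -ErrorAction SilentlyContinue |
        ForEach-Object {
            $url = (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).URL
            if ($url) { Add-Finding 'SearchScope' $_.PSChildName $url }
        }
}

# 5. Scheduled tasks whose command sits in a user-writable location
#    (the two [TASK][SUSP PATH] entries above ran an .exe from the Desktop).
#    schtasks rather than Get-ScheduledTask so this also works on Windows 7;
#    the repeated header rows schtasks emits per task folder are filtered out.
$suspiciousRoots = @('\Desktop\', '\AppData\', '\Temp\', '\ProgramData\', '\Downloads\', '\Users\Public\')
schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.'Task To Run' } |
    ForEach-Object {
        $cmd = $_.'Task To Run'
        foreach ($root in $suspiciousRoots) {
            if ($cmd -like "*$root*") { Add-Finding 'ScheduledTask' $_.TaskName $cmd; break }
        }
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | Format-Table Kind, Where, What -AutoSize -Wrap }
```

Run it once before and once after a cleanup pass; a task or policy that reappears between runs points at something still executing that re-creates it, which is exactly the situation the AppInit_DLLs and scheduled-task entries are meant to survive. Legitimate software does put tasks under AppData (updaters in particular), so treat the ScheduledTask rows as a review list, not a kill list.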

 



#7 Robybel (Bleepin' Mattley, Malware Response Team, 179 posts)

Posted 12 June 2013 - 08:39 PM

Hi juley


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Refer to the ComboFix User's Guide


Download ComboFix from one of these locations:

Link 1
Link 2



* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

 

 


#8 juley (Topic Starter, Members, 8 posts)

Posted 13 June 2013 - 08:10 PM

Hello Robybel,
 
Below, you may find the ComboFix.txt information:

 

 
ComboFix 13-06-13.01 - Juley 13/06/2013  18:07:04.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3767.1928 [GMT -4:00]
Running from: c:\users\Juley\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Juley\AppData\Local\Temp\_MEI44202\_ctypes.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\_elementtree.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\_hashlib.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\_multiprocessing.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\_socket.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\_ssl.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\pyexpat.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\pysqlite2._sqlite.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\python27.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\pythoncom27.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\PyWinTypes27.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\select.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\unicodedata.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32api.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32com.shell.shell.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32crypt.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32event.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32file.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32inet.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32pdh.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32process.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32profile.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32security.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\win32ts.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\windows._cacheinvalidation.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._controls_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._core_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._gdi_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._html2.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._misc_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._windows_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wx._wizard.pyd
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxbase294u_net_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxbase294u_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxmsw294u_adv_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxmsw294u_core_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxmsw294u_html_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI44202\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
c:\program files (x86)\tbkset\param.ini
c:\program files (x86)\tbkset\tbkSet.exe.old
c:\program files (x86)\tbkset\tbkSetHome.exe.bak
c:\users\Juley\AppData\Local\Temp\_MEI45322\_ctypes.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\_elementtree.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\_hashlib.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\_multiprocessing.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\_socket.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\_ssl.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\pyexpat.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\pysqlite2._sqlite.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\python27.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\pythoncom27.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\PyWinTypes27.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\select.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\unicodedata.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32api.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32com.shell.shell.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32crypt.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32event.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32file.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32inet.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32pdh.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32process.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32profile.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32security.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\win32ts.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\windows._cacheinvalidation.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._controls_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._core_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._gdi_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._html2.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._misc_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._windows_.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wx._wizard.pyd
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxbase294u_net_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxbase294u_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxmsw294u_adv_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxmsw294u_core_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxmsw294u_html_vc90.dll
c:\users\Juley\AppData\Local\Temp\_MEI45322\wxmsw294u_webview_vc90.dll
c:\users\Juley\GoogleTalkLabsEditionSetup.exe
c:\users\Juley\installer_adobe_acrobat_7_0_professional_7_0_English.exe
c:\users\Juley\videos\iLividSetupV1(1).exe
c:\users\Juley\videos\iLividSetupV1.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-13 to 2013-06-13  )))))))))))))))))))))))))))))))
.
.
2013-06-13 22:42 . 2013-06-13 22:42 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B8AF6DA-4A5A-4726-B9BA-A1F07C8D9341}\offreg.dll
2013-06-13 22:34 . 2013-06-13 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 22:02 . 2013-06-12 22:02 -------- d-----w- c:\windows\ERUNT
2013-06-12 22:01 . 2013-06-12 22:02 -------- dc----w- C:\JRT
2013-06-12 21:44 . 2013-06-12 21:47 144 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-12 21:30 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:30 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:30 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 21:30 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 21:30 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 11:34 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B8AF6DA-4A5A-4726-B9BA-A1F07C8D9341}\mpengine.dll
2013-06-09 17:37 . 2013-06-09 17:37 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-09 15:03 . 2013-06-13 18:53 -------- d-s---w- c:\users\Juley\Google Drive
2013-05-26 17:23 . 2013-05-26 17:23 -------- d-----w- c:\users\Juley\AppData\Local\EZSoftMagic
2013-05-26 17:23 . 2013-05-26 17:24 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-05-26 17:02 . 2013-05-26 17:12 -------- d-----w- c:\program files (x86)\Windows Audio Recorder Professional
2013-05-26 17:01 . 2012-07-17 21:59 1132448 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-05-26 17:01 . 2013-03-14 23:22 58264 ------w- c:\windows\ExentInfo.exe
2013-05-26 16:55 . 2004-08-10 09:00 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2013-05-26 16:55 . 2002-01-05 13:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-05-26 16:34 . 2013-05-26 16:34 -------- d-----w- c:\users\Juley\AppData\Roaming\Recordpad
2013-05-21 16:42 . 2013-05-21 16:42 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-05-21 16:42 . 2013-05-21 16:42 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-05-21 16:40 . 2013-05-23 01:11 -------- d-----w- c:\programdata\Sony Ericsson
2013-05-21 16:39 . 2013-05-23 01:11 -------- d-----w- c:\program files (x86)\Sony Ericsson
2013-05-21 16:08 . 2013-05-21 16:47 -------- dc----w- C:\temp
2013-05-15 12:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:30 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 12:29 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 12:29 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 12:29 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 12:29 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 12:29 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 12:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 12:29 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 12:29 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 12:29 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 00:16 . 2011-01-27 23:59 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 15:28 . 2012-04-06 13:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:28 . 2011-05-20 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 05:29 . 2013-05-07 05:29 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 05:29 . 2013-05-07 05:29 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 05:29 . 2013-05-07 05:29 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 05:29 . 2013-05-07 05:29 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 05:29 . 2013-05-07 05:29 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 05:29 . 2013-05-07 05:29 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 05:29 . 2013-05-07 05:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 05:29 . 2013-05-07 05:29 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 05:29 . 2013-05-07 05:29 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 05:29 . 2013-05-07 05:29 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 05:29 . 2013-05-07 05:29 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 05:29 . 2013-05-07 05:29 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 05:29 . 2013-05-07 05:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 05:29 . 2013-05-07 05:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 05:29 . 2013-05-07 05:29 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 05:29 . 2013-05-07 05:29 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 05:29 . 2013-05-07 05:29 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 05:29 . 2013-05-07 05:29 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 05:29 . 2013-05-07 05:29 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 05:29 . 2013-05-07 05:29 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 05:29 . 2013-05-07 05:29 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 05:29 . 2013-05-07 05:29 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 05:29 . 2013-05-07 05:29 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 05:29 . 2013-05-07 05:29 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 05:29 . 2013-05-07 05:29 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 05:29 . 2013-05-07 05:29 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 05:29 . 2013-05-07 05:29 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 05:29 . 2013-05-07 05:29 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 05:29 . 2013-05-07 05:29 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 05:29 . 2013-05-07 05:29 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 05:29 . 2013-05-07 05:29 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 05:29 . 2013-05-07 05:29 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 05:29 . 2013-05-07 05:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 05:29 . 2013-05-07 05:29 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 05:29 . 2013-05-07 05:29 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 05:29 . 2013-05-07 05:29 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-07 05:29 . 2013-05-07 05:29 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 05:29 . 2013-05-07 05:29 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 05:29 . 2013-05-07 05:29 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 05:29 . 2013-05-07 05:29 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 05:29 . 2013-05-07 05:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 05:29 . 2013-05-07 05:29 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 05:29 . 2013-05-07 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 05:29 . 2013-05-07 05:29 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 05:29 . 2013-05-07 05:29 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 05:29 . 2013-05-07 05:29 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 05:29 . 2013-05-07 05:29 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 05:29 . 2013-05-07 05:29 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 05:29 . 2013-05-07 05:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-07 05:27 . 2013-05-07 05:27 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-07 05:27 . 2013-05-07 05:27 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-07 05:27 . 2013-05-07 05:27 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-07 05:27 . 2013-05-07 05:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-07 05:27 . 2013-05-07 05:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-07 05:27 . 2013-05-07 05:27 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-07 05:27 . 2013-05-07 05:27 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-07 05:27 . 2013-05-07 05:27 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-07 05:27 . 2013-05-07 05:27 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-07 05:27 . 2013-05-07 05:27 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-07 05:27 . 2013-05-07 05:27 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-07 05:27 . 2013-05-07 05:27 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-07 05:27 . 2013-05-07 05:27 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-07 05:27 . 2013-05-07 05:27 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-07 05:27 . 2013-05-07 05:27 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-07 05:27 . 2013-05-07 05:27 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-07 05:27 . 2013-05-07 05:27 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-07 05:27 . 2013-05-07 05:27 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-07 05:27 . 2013-05-07 05:27 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-05-07 05:27 . 2013-05-07 05:27 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-07 05:27 . 2013-05-07 05:27 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-07 05:27 . 2013-05-07 05:27 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-07 05:27 . 2013-05-07 05:27 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-07 05:27 . 2013-05-07 05:27 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-07 05:27 . 2013-05-07 05:27 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-07 05:27 . 2013-05-07 05:27 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-07 05:27 . 2013-05-07 05:27 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-07 05:27 . 2013-05-07 05:27 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-07 05:27 . 2013-05-07 05:27 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-07 05:27 . 2013-05-07 05:27 194560 ----a-w- c:\windows\system32\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-31 39408]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
"VRLPHelper"="c:\program files (x86)\Sony\Media Gallery\VRLPHelper.exe" [2010-06-22 183152]
"googletalk"="c:\users\Juley\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MediaFire Tray"="c:\users\Juley\AppData\Local\MediaFire Express\mf_systray.exe" [2013-04-04 2349640]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-21 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Juley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Juley\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200429]
   Ime File REG_SZ         GOOGLEINPUT_FA.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 23:32 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:28]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 18:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 18:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834623476-1111912455-662031263-1000Core.job
- c:\users\Juley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 15:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834623476-1111912455-662031263-1000UA.job
- c:\users\Juley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 15:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\Juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-27 10135584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415256]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Juley\AppData\Roaming\Mozilla\Firefox\Profiles\9fc77lyl.default-1358347465405\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKLM-Run-c:\program files (x86)\Free Video Zilla\FVZilla.exe - (no file)
Wow6432Node-HKLM-Run-tbk_hao123 - c:\program files (x86)\tbkset\tbkSet.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2013-06-13  19:18:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-13 23:18
.
Pre-Run: 479,792,635,904 bytes free
Post-Run: 479,641,333,760 bytes free
.
- - End Of File - - 3D2D7325AC11A31A45C28A1FCEAD14D0
D41D8CD98F00B204E9800998ECF8427E  


#9 Robybel (Malware Response Team)

Posted 14 June 2013 - 03:58 AM

Hi juley :)


Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

    ClearJavaCache

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browsers/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

CFScriptB-4.gif

Next

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAM.PNG
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Next



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

Please let me know how your machine is running and if there are any outstanding issues.

On your next reply please post:
  • MBAM log
  • ESET report
  • Let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.


#10 juley (Topic Starter)

Posted 14 June 2013 - 06:34 AM

Hi Robybel,

Fortunately, after completing the latest downloads and running the scans, I don't get the message "Invalid or missing resource files in the installation directory. please re-install extender player" any more.

Do you suggest continuing the process, or is this just a transient improvement that could harm my computer later?

Thank you so much for helping :)



#11 Robybel (Malware Response Team)

Posted 14 June 2013 - 12:14 PM

Hi juley

    Fortunately, after completing the latest downloads and running the scans

You're right :) But I don't see the logs :wink:

On your next reply please post both logs.




#12 juley (Topic Starter)

Posted 14 June 2013 - 12:29 PM

Combofix.txt:

ComboFix 13-06-13.01 - juley 13/06/2013  18:07:04.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3767.1928 [GMT -4:00]
Running from: c:\users\juley\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\juley\AppData\Local\Temp\_MEI44202\_ctypes.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\_elementtree.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\_hashlib.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\_multiprocessing.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\_socket.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\_ssl.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\pyexpat.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\pysqlite2._sqlite.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\python27.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\pythoncom27.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\PyWinTypes27.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\select.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\unicodedata.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32api.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32com.shell.shell.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32crypt.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32event.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32file.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32inet.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32pdh.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32process.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32profile.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32security.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\win32ts.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\windows._cacheinvalidation.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._controls_.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._core_.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._gdi_.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._html2.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._misc_.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._windows_.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wx._wizard.pyd
c:\users\juley\AppData\Local\Temp\_MEI44202\wxbase294u_net_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\wxbase294u_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\wxmsw294u_adv_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\wxmsw294u_core_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\wxmsw294u_html_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI44202\wxmsw294u_webview_vc90.dll
.
---- Previous Run -------
.
c:\program files (x86)\tbkset\param.ini
c:\program files (x86)\tbkset\tbkSet.exe.old
c:\program files (x86)\tbkset\tbkSetHome.exe.bak
c:\users\juley\AppData\Local\Temp\_MEI45322\_ctypes.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\_elementtree.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\_hashlib.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\_multiprocessing.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\_socket.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\_ssl.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\pyexpat.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\pysqlite2._sqlite.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\python27.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\pythoncom27.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\PyWinTypes27.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\select.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\unicodedata.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32api.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32com.shell.shell.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32crypt.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32event.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32file.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32inet.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32pdh.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32process.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32profile.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32security.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\win32ts.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\windows._cacheinvalidation.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._controls_.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._core_.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._gdi_.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._html2.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._misc_.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._windows_.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wx._wizard.pyd
c:\users\juley\AppData\Local\Temp\_MEI45322\wxbase294u_net_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\wxbase294u_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\wxmsw294u_adv_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\wxmsw294u_core_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\wxmsw294u_html_vc90.dll
c:\users\juley\AppData\Local\Temp\_MEI45322\wxmsw294u_webview_vc90.dll
c:\users\juley\GoogleTalkLabsEditionSetup.exe
c:\users\juley\installer_adobe_acrobat_7_0_professional_7_0_English.exe
c:\users\juley\videos\iLividSetupV1(1).exe
c:\users\juley\videos\iLividSetupV1.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-13 to 2013-06-13  )))))))))))))))))))))))))))))))
.
.
2013-06-13 22:42 . 2013-06-13 22:42 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B8AF6DA-4A5A-4726-B9BA-A1F07C8D9341}\offreg.dll
2013-06-13 22:34 . 2013-06-13 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 22:02 . 2013-06-12 22:02 -------- d-----w- c:\windows\ERUNT
2013-06-12 22:01 . 2013-06-12 22:02 -------- dc----w- C:\JRT
2013-06-12 21:44 . 2013-06-12 21:47 144 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-12 21:30 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 21:30 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 21:30 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 21:30 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 21:30 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-11 11:34 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B8AF6DA-4A5A-4726-B9BA-A1F07C8D9341}\mpengine.dll
2013-06-09 17:37 . 2013-06-09 17:37 -------- d-----w- c:\program files (x86)\GreenTree Applications
2013-06-09 15:03 . 2013-06-13 18:53 -------- d-s---w- c:\users\juley\Google Drive
2013-05-26 17:23 . 2013-05-26 17:23 -------- d-----w- c:\users\juley\AppData\Local\EZSoftMagic
2013-05-26 17:23 . 2013-05-26 17:24 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-05-26 17:02 . 2013-05-26 17:12 -------- d-----w- c:\program files (x86)\Windows Audio Recorder Professional
2013-05-26 17:01 . 2012-07-17 21:59 1132448 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-05-26 17:01 . 2013-03-14 23:22 58264 ------w- c:\windows\ExentInfo.exe
2013-05-26 16:55 . 2004-08-10 09:00 1355776 ----a-w- c:\windows\SysWow64\msvbvm50.dll
2013-05-26 16:55 . 2002-01-05 13:37 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2013-05-26 16:34 . 2013-05-26 16:34 -------- d-----w- c:\users\juley\AppData\Roaming\Recordpad
2013-05-21 16:42 . 2013-05-21 16:42 27760 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2013-05-21 16:42 . 2013-05-21 16:42 14448 ----a-w- c:\windows\system32\drivers\ggflt.sys
2013-05-21 16:40 . 2013-05-23 01:11 -------- d-----w- c:\programdata\Sony Ericsson
2013-05-21 16:39 . 2013-05-23 01:11 -------- d-----w- c:\program files (x86)\Sony Ericsson
2013-05-21 16:08 . 2013-05-21 16:47 -------- dc----w- C:\temp
2013-05-15 12:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:30 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 12:29 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 12:29 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 12:29 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 12:29 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 12:29 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 12:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 12:29 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 12:29 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 12:29 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 00:16 . 2011-01-27 23:59 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 15:28 . 2012-04-06 13:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 15:28 . 2011-05-20 19:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-07 05:29 . 2013-05-07 05:29 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-07 05:29 . 2013-05-07 05:29 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-07 05:29 . 2013-05-07 05:29 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-07 05:29 . 2013-05-07 05:29 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-07 05:29 . 2013-05-07 05:29 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-07 05:29 . 2013-05-07 05:29 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-07 05:29 . 2013-05-07 05:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-07 05:29 . 2013-05-07 05:29 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-07 05:29 . 2013-05-07 05:29 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-07 05:29 . 2013-05-07 05:29 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-07 05:29 . 2013-05-07 05:29 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-07 05:29 . 2013-05-07 05:29 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-07 05:29 . 2013-05-07 05:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-07 05:29 . 2013-05-07 05:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-07 05:29 . 2013-05-07 05:29 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-07 05:29 . 2013-05-07 05:29 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-07 05:29 . 2013-05-07 05:29 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-07 05:29 . 2013-05-07 05:29 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-07 05:29 . 2013-05-07 05:29 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-07 05:29 . 2013-05-07 05:29 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-07 05:29 . 2013-05-07 05:29 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-07 05:29 . 2013-05-07 05:29 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-07 05:29 . 2013-05-07 05:29 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-07 05:29 . 2013-05-07 05:29 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-07 05:29 . 2013-05-07 05:29 441856 ----a-w- c:\windows\system32\html.iec
2013-05-07 05:29 . 2013-05-07 05:29 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-07 05:29 . 2013-05-07 05:29 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-07 05:29 . 2013-05-07 05:29 235008 ----a-w- c:\windows\system32\url.dll
2013-05-07 05:29 . 2013-05-07 05:29 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-07 05:29 . 2013-05-07 05:29 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-07 05:29 . 2013-05-07 05:29 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 05:29 . 2013-05-07 05:29 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-07 05:29 . 2013-05-07 05:29 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-07 05:29 . 2013-05-07 05:29 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 05:29 . 2013-05-07 05:29 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-07 05:29 . 2013-05-07 05:29 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-07 05:29 . 2013-05-07 05:29 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-07 05:29 . 2013-05-07 05:29 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-07 05:29 . 2013-05-07 05:29 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-07 05:29 . 2013-05-07 05:29 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-07 05:29 . 2013-05-07 05:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-07 05:29 . 2013-05-07 05:29 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-07 05:29 . 2013-05-07 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-07 05:29 . 2013-05-07 05:29 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-07 05:29 . 2013-05-07 05:29 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-07 05:29 . 2013-05-07 05:29 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-07 05:29 . 2013-05-07 05:29 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-07 05:29 . 2013-05-07 05:29 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-07 05:29 . 2013-05-07 05:29 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-07 05:27 . 2013-05-07 05:27 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-07 05:27 . 2013-05-07 05:27 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-05-07 05:27 . 2013-05-07 05:27 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-05-07 05:27 . 2013-05-07 05:27 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-07 05:27 . 2013-05-07 05:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-05-07 05:27 . 2013-05-07 05:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-05-07 05:27 . 2013-05-07 05:27 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-05-07 05:27 . 2013-05-07 05:27 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-05-07 05:27 . 2013-05-07 05:27 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-05-07 05:27 . 2013-05-07 05:27 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-05-07 05:27 . 2013-05-07 05:27 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-05-07 05:27 . 2013-05-07 05:27 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-05-07 05:27 . 2013-05-07 05:27 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-05-07 05:27 . 2013-05-07 05:27 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-05-07 05:27 . 2013-05-07 05:27 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-05-07 05:27 . 2013-05-07 05:27 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-05-07 05:27 . 2013-05-07 05:27 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-05-07 05:27 . 2013-05-07 05:27 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-05-07 05:27 . 2013-05-07 05:27 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-07 05:27 . 2013-05-07 05:27 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-05-07 05:27 . 2013-05-07 05:27 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-05-07 05:27 . 2013-05-07 05:27 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-05-07 05:27 . 2013-05-07 05:27 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-05-07 05:27 . 2013-05-07 05:27 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-05-07 05:27 . 2013-05-07 05:27 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-05-07 05:27 . 2013-05-07 05:27 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-05-07 05:27 . 2013-05-07 05:27 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-05-07 05:27 . 2013-05-07 05:27 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-05-07 05:27 . 2013-05-07 05:27 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-05-07 05:27 . 2013-05-07 05:27 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-05-07 05:27 . 2013-05-07 05:27 194560 ----a-w- c:\windows\system32\d3d10_1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 130736 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-31 39408]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
"VRLPHelper"="c:\program files (x86)\Sony\Media Gallery\VRLPHelper.exe" [2010-06-22 183152]
"googletalk"="c:\users\juley\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MediaFire Tray"="c:\users\juley\AppData\Local\MediaFire Express\mf_systray.exe" [2013-04-04 2349640]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-21 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\juley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\juley\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200429]
   Ime File REG_SZ         GOOGLEINPUT_FA.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 X5XSEx_Pr143;X5XSEx_Pr143;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys;c:\program files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys;c:\windows\SYSNATIVE\DRIVERS\tmnciesc.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 23:32 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:28]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 18:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 18:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834623476-1111912455-662031263-1000Core.job
- c:\users\juley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 15:50]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3834623476-1111912455-662031263-1000UA.job
- c:\users\juley\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 15:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-24 17:59 164016 ----a-w- c:\users\juley\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-27 10135584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415256]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = 
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\juley\AppData\Roaming\Mozilla\Firefox\Profiles\9fc77lyl.default-1358347465405\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
Wow6432Node-HKCU-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
Wow6432Node-HKLM-Run-c:\program files (x86)\Free Video Zilla\FVZilla.exe - (no file)
Wow6432Node-HKLM-Run-tbk_hao123 - c:\program files (x86)\tbkset\tbkSet.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-Run-Exetender - c:\program files (x86)\Free Ride Games\GPlayer.exe
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Premiumplay Codec-C - c:\program files (x86)\Premiumplay Codec-C\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2013-06-13  19:18:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-13 23:18
.
Pre-Run: 479,792,635,904 bytes free
Post-Run: 479,641,333,760 bytes free
.
- - End Of File - - 3D2D7325AC11A31A45C28A1FCEAD14D0
D41D8CD98F00B204E9800998ECF8427E


#13 Robybel

Robybel

    Bleepin' Mattley


  • Malware Response Team
  • 179 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:28 AM

Posted 14 June 2013 - 01:03 PM

Hi juley

On your next reply, please post both logs:

Malwarebytes log and ESET log

OK?


- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation

 

 


#14 juley

juley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:28 AM

Posted 15 June 2013 - 01:11 PM

Ok!




#15 juley

juley
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:28 AM

Posted 16 June 2013 - 06:10 PM

OK, here you are!

1) My ESET scan:

C:\Program Files\Trend Micro\AMSP\temp\virus\VHSOKAa02716 HTML/ScrInject.B.Gen virus
C:\Program Files\Trend Micro\AMSP\temp\virus\VKRRSAa07472 HTML/ScrInject.B.Gen virus
C:\Program Files\Trend Micro\AMSP\temp\virus\VKVGN8a06468 HTML/ScrInject.B.Gen virus

2) Malwarebytes Anti-Malware

Malwarebytes Anti-Malware 1.75.0.1300 
www.malwarebytes.org
 
Database version: v2013.06.16.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
juley :: juley-VAIO [administrator]
 
16/06/2013 3:26:44 PM
mbam-log-2013-06-16 (15-26-44).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232855
Time elapsed: 10 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Edited by juley, 16 June 2013 - 08:38 PM.




