Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Probably Redirec Virus , But not sure


  • This topic is locked This topic is locked
23 replies to this topic

#1 underemployed

underemployed

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 09 December 2013 - 03:58 PM

Hi 

I could really appreciate some help here. Whenever i click on links, mostly from google, a weird new window opens us first .. the webpage says www.redirec.com and then opens up an adv page

It could be the redirect virus but i am not sure. My AVira and MalwareBytes scans were clean

Not sure whats going on and i could really use some help here 

 

Thanks

S

 



BC AdBot (Login to Remove)

 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 09 December 2013 - 06:36 PM


Hi underemployed and Welcome to BleepingComputer!

Before I can help you, I need you to read this topic and post the two log's it tells you to create.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 09 December 2013 - 09:34 PM

Hi seedy21

thanks for helping me out here .. should i attach the logs here or send them to via a private message ?

please let me know

thanks

S



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 10 December 2013 - 02:10 AM

Hi underemployed

Please copy and paste the contents of the logs into your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#5 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 10 December 2013 - 06:00 PM

Hi Seedy21

 

here are the contents of the logs. thanks for your help

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by YashAkss at 21:30:43 on 2013-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.2323 [GMT -5:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Soluto\Soluto.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\YashAkss\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{278E850B-B59D-4089-ACB8-877E21C6F724} : DHCPNameServer = 59.185.0.23 59.185.0.50
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47} : DHCPNameServer = 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47}\0557A6162737 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47}\25F6262696E637 : DHCPNameServer = 8.8.8.8 8.8.4.4 10.245.2.94
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47}\D416272796F64747 : DHCPNameServer = 12.127.16.68 12.127.17.72
TCP: Interfaces\{4372C3A9-54C9-4E04-87CB-6E1833FF6F47}\D445E4C4 : DHCPNameServer = 59.185.0.23 59.185.0.50
TCP: Interfaces\{4B2F1EDC-5F67-426C-A074-A5247B28ADAD} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Soluto] c:\program files\soluto\soluto.exe /init
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\YashAkss\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - ExtSQL: 2013-12-01 20:22; {B21F5E31-B8E8-41CD-B74C-168A71A10E49}; C:\Users\YashAkss\AppData\Local\GreatArcadeHits\gahff.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-11-14 55856]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2012-12-20 54728]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-25 283200]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-9-16 39528]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-14 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-20 440376]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-20 440376]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 107416]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2012-11-9 1200160]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 701512]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-11-14 1695040]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2012-12-20 183432]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-12-20 542344]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-11-14 77824]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-11-14 172704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-11-14 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-11-14 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
S3 CLKMSVC10_9EC60124;CyberLink Product - 2012/11/14 01:46:43;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-21 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-11-14 158976]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-2-27 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-2-27 180736]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-11-14 250984]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2012-12-20 1246344]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]
.
=============== Created Last 30 ================
.
2013-12-02 01:33:58 -------- d-----w- C:\Downloads
2013-12-02 01:33:47 -------- d-----w- C:\Program Files (x86)\vSoft
2013-12-02 01:22:58 -------- d-----w- C:\Program Files (x86)\Free RapidShare Downloader
2013-11-13 18:13:32 1474048 ----a-w- C:\Windows\System32\crypt32.dll
.
==================== Find3M  ====================
.
2013-12-03 12:44:32 107416 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-11-27 04:05:48 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-11-27 04:05:48 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH: 21:31:15.70 ===============
 
 
 
ATTACH.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 12/20/2012 9:25:00 PM
System Uptime: 12/9/2013 11:12:06 AM (10 hours ago)
.
Motherboard: Dell Inc. |  | 01HXXJ
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 202 GiB total, 90.392 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 250 GiB total, 4.078 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Digital Editions 2.0
Adobe Flash Player 10 ActiveX
Adobe Reader XI
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 6
Atheros Bluetooth Suite (64)
Avira Free Antivirus
Bonjour
calibre
CBR Reader
CCleaner
Cisco EAP-FAST Module
Contents
Corel VideoStudio Ultimate X5
CyberLink PowerDVD 9.6
D3DX10
DAEMON Tools Lite
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dell WLAN and Bluetooth Client Installation
DirectX 9 Runtime
eMule
Fitbit Connect
Google Chrome
Google Drive
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
ICA
IDT Audio
Intel® Processor Graphics
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
PhotoShowExpress
Picasa 3
Power MP3 Cutter Joiner 1.12
Quickset64
RBVirtualFolder64Inst
Riva FLV Encoder 2.0
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Setup
Share
Share64
SmartSound Common Data
SmartSound Quicktracks 5
Soluto
Sonic CinePlayer Decoder Pack
TrueCrypt
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmaiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 2.0.3
VSClassic
VSHelp
VSUltimate
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinRAR 4.20 (64-bit)
XBMC
.
==== Event Viewer Messages From Past Week ========
.
12/9/2013 11:12:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80037feb70, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120913-14133-01.
12/7/2013 12:56:48 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80037feb70, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120713-19843-01.
12/7/2013 10:00:01 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
12/5/2013 7:27:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
12/5/2013 7:27:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
12/5/2013 7:26:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
12/5/2013 7:26:11 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
12/5/2013 7:25:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Windows Audio Endpoint Builder service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Network Connections service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Human Interface Device Access service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/3/2013 2:20:49 AM, Error: Service Control Manager [7031]  - The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
 
 
Thanks for your help
 
S

Edited by underemployed, 10 December 2013 - 07:14 PM.


#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 13 December 2013 - 02:54 AM

Hello underemployed

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Before we continue can you tell me which country and ISP you are with?



Step 1

We need to stop DAEMON Tools Lite running as it will stop our fixes from working. Please do not run this tool until we have cleaned your computer.

Please download Defogger and save it to your Desktop.
  • Double click Defogger.exe to run the program.
    Note Windows Vista /7 should right click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete
When this has completed you will get a new window open with the Finished box, click Continue and Close Defogger Down

Step 2

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case UTorrent and emule ). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Step 3

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

scan-results.jpg

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 4

Download 51a612a8b27e2-Zoek.pngzoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is tick and Click Finish ).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar !
    autoclean;
    silentrunners;
    standardsearch;
    
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Edited by seedy21, 13 December 2013 - 02:55 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#7 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 13 December 2013 - 09:49 PM

hi seedy21 ... i really appreciate your help and i understand that you are volunteering your time to fix my issues here.

to answer your questions .. my ISP is RCN and country is USA.

Attached are the log files that you requested for

 

AdwCleaner[S0]

 

# AdwCleaner v3.015 - Report created 13/12/2013 at 21:16:42
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : YashAkss - AMARPREM
# Running from : C:\Users\YashAkss\Desktop\BleepingComputer\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v23.0 (en-US)
 
[ File : C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del\prefs.js ]
 
 
[ File : C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1943 octets] - [13/12/2013 21:14:24]
AdwCleaner[S0].txt - [1880 octets] - [13/12/2013 21:16:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1940 octets] ##########
 
 
 
zoek-results Log
 
Zoek.exe Version 4.0.0.5 Updated 12-December-2013
Tool run by YashAkss on Fri 12/13/2013 at 21:25:04.56.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\YashAkss\Desktop\BleepingComputer\zoek.exe  [Script inserted] 
 
==== System Restore Info ======================
 
12/13/2013 9:26:09 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Running Processes ======================
 
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\YashAkss\Desktop\BleepingComputer\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe
 
==== Deleting Services ======================
 
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6053 MB
CPU Info: Intel® Core™ i3-2350M CPU @ 2.30GHz
CPU Speed: 2306.5 MHz
Sound Card: Speakers / Headphones (IDT High | 
Communications Headphones (IDT  | 
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Dell Wireless 1703 802.11b/g/n (2.4GHz) | Realtek PCIe FE Family Controller
CD / DVD Drives: 2x (D: | F: | ) D: HL-DT-STDVD+-RW GT50N    | F: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Wheel Mouse Present
Hard Disks: C:  202.1GB | E:  250.0GB
Hard Disks - Free: C:  82.5GB | E:  2.0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 08/03/12 | DELL   - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 01HXXJ
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 11.0.9600.16476 
Mozilla Firefox version: 23.0 (x86 en-US)
Google Chrome version: 31.0.1650.63
Adobe Reader version: 11.0.0.379
Sun Java version: 1.7.0_21 (32-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2013-12-07 05:56:34 60A5ECACF614A02129EBE46F9FD42826 646577981 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\YashAkss\AppData\Local\Temp ====
2013-12-02 01:02:56 974A4FBA0FFBF10FAEECE714017DF617 163744 ----a-w- C:\Users\YashAkss\AppData\Local\Temp\is1070216317\1445665_stp\SCC.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2013-12-13 08:05:09 6C4B2E1A25841077084EB9F76FF6FFA7 11410432 ----a-w- C:\Windows\SysWOW64\wmp.dll
2013-12-13 08:05:09 02DF0628BE8B64B84D50FBE53549AA3B 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 08:02:20 C74500A1BCB4113A7310295DD3FA4440 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 08:02:19 3D43EAC957F2F797BE82CF6B04A933F8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 08:02:19 355BF103E2CF862B00EEB3731E25E802 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-12-13 08:02:18 35DE59C975A0C97E8DBBE095BCC3644E 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 08:02:17 B2E1F7B212502BB49AAD4EFAD37C5CF5 2166784 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-12-13 08:02:17 927FA6456AD6D7630F6854828D2FD16B 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-12-13 08:02:17 08881C59F795C356DE12067E44FFD260 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 08:02:16 84EAF0A08C7742697816E148C066D757 1928192 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 08:02:16 0763C5D8660436D4D961F72609E33BBE 1157632 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-12-13 08:02:15 4B638CE3DAA3A082E576C0DDF9D635D4 11221504 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-12-13 08:02:14 BFAFE990C4A191E83843362B5AC64A9B 17112576 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-12-13 08:02:14 A60A222D3126DD9E380F9D8B651BC13D 4243968 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-12-12 08:06:40 AFA53BD631FB0509A91A99391209BB70 301568 ----a-w- C:\Windows\SysWOW64\msieftp.dll
2013-12-12 08:06:38 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 08:06:38 E7B9D5FF20FFDD4AAE2EF1D1B8C27A37 159232 ----a-w- C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 08:06:35 4EC2C3B15B9EC41AD0D6CD918D20376E 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2013-12-12 08:06:32 A3B1D1312602280839A4A2AFBDFD066E 163840 ----a-w- C:\Windows\SysWOW64\scrrun.dll
2013-12-12 08:06:32 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\Windows\SysWOW64\cscript.exe
2013-12-12 08:06:32 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\Windows\SysWOW64\wscript.exe
2013-12-12 08:06:32 09F65975C1C9793B923BB52A7FA83453 121856 ----a-w- C:\Windows\SysWOW64\wshom.ocx
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-12-13 08:05:09 AB272BBFB05A8585C3405EFA9F605774 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL
2013-12-13 08:05:07 8CBBB27369F9F07BC5E874E750EAF9D0 14631424 ----a-w- C:\Windows\Sysnative\wmp.dll
2013-12-13 08:02:20 FB13F4873F6747AB4E3C37CAFEA8ACAE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2013-12-13 08:02:20 A3427586C75749B51BF5DEBEDEB4AD5C 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-12-13 08:02:19 EF098867663B07247587587C29E631DB 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-12-13 08:02:19 4E249022336591E9C6DE374A68C18EF6 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-12-13 08:02:19 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-12-13 08:02:19 2A0B7281854ACBECA25D8FDD06A4D714 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-12-13 08:02:19 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-12-13 08:02:18 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2013-12-13 08:02:18 95EED00D70485F6F82983EB7C03CC42A 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2013-12-13 08:02:18 40B33A42F90DED26DE4F5AAFA00F24CA 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2013-12-13 08:02:18 2E2875FFC6C2DC1ACF4F46AFC7819BD5 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-12-13 08:02:18 16B0A65F52531B769B891DC251ECC6C0 23183360 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-12-13 08:02:18 14074CF6190B937EB70BE2F93113B5FE 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2013-12-13 08:02:17 7016991D493B9F9FA492E75BD13D031D 2764288 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-12-13 08:02:16 FA30E3DC75EA42FE19B819F30FBDED8D 1995264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-12-13 08:02:16 EDF5C6A9F33FBD3D717D1B77A9864C64 12996608 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-12-13 08:02:16 C8CF11D73017CC588411FCB936891CF4 1395200 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-12-13 08:02:16 9B6678DB9C6A232C5A84D2FDFFF8B0E1 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-12-13 08:02:14 6491B719695D713335B431FCF0EAE28B 5769216 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-12-12 08:06:40 AC38EC8D0C1B4C783CA6A24D239A71B7 335360 ----a-w- C:\Windows\Sysnative\msieftp.dll
2013-12-12 08:06:39 97D50B0CABF18A6D40F8883D02DDB519 3155968 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-12-12 08:06:38 B4F29F65AD3114051F01E9403346047F 81408 ----a-w- C:\Windows\Sysnative\imagehlp.dll
2013-12-12 08:06:38 4EDF8812713291DBBFDA67CE6215F236 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll
2013-12-12 08:06:35 5FD67F205773EC80674DBBD609DB5315 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2013-12-12 08:06:32 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\Windows\Sysnative\cscript.exe
2013-12-12 08:06:32 731131A477F69476F2D739B0DB6A9281 202752 ----a-w- C:\Windows\Sysnative\scrrun.dll
2013-12-12 08:06:32 05D80FF3483BD8F268B01703C859198A 150016 ----a-w- C:\Windows\Sysnative\wshom.ocx
2013-12-12 08:06:32 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\Windows\Sysnative\wscript.exe
====== C:\Windows\Sysnative\drivers =====
2013-12-12 08:06:33 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
2013-12-12 08:06:33 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
====== C:\Windows\Tasks ======
2013-12-14 02:24:33 FF4FD780C0B5D57E4AA15EB8AAA13838 3226 ----a-w- C:\Windows\Sysnative\Tasks\{F72BAF17-82AE-4841-BA5D-FFB1AEE9E4E2}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-12-02 01:33:47 -------- d-----w- C:\PROGRA~2\vSoft
2013-12-02 01:22:58 -------- d-----w- C:\PROGRA~2\Free RapidShare Downloader
======= C: =====
====== C:\Users\YashAkss\AppData\Roaming ======
2013-12-13 03:01:10 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\ArcSoft
====== C:\Users\YashAkss ======
2013-12-14 02:11:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\YashAkss\defogger_reenable
2013-12-13 02:48:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-12-02 01:26:03 D3454EAEF35BC00BBA08E97EFA3AC119 26837 ----a-w- C:\Users\YashAkss\TCOCT314.wmv
2013-12-02 01:24:48 A15D1F8E0E28C55EF3CC56D7A282261C 26260 ----a-w- C:\Users\YashAkss\TCNOV54.mp4.html
2013-12-02 01:24:48 0A72DD5D73E881310570841B8605C378 26837 ----a-w- C:\Users\YashAkss\TCOCT314.wmv.html
 
====== C: exe-files ==
2013-12-14 02:22:10 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_6c4d74f3-741c-4396-8e15-bae74f19c676\PCGAppControlPluginLoader.exe
2013-12-14 02:22:08 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_176725d4-3659-4b7c-bef6-d7d778e451ab\PCGAppControlPluginLoader.exe
2013-12-14 02:13:28 C11A692CB3DC6F15496F756E8153E9C7 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-562242904-190489812-2823758474-1004\$IWCNQN2.exe
2013-12-14 02:12:31 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\AdwCleaner.exe
2013-12-14 02:09:39 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\Defogger.exe
2013-12-13 08:05:10 D21DD7BFC81C8623DE48EBB17133D59C 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 08:05:10 9AED8E824CF5FAAB67957EDBC5512060 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 08:02:19 78CCC9D9665DC2A4DDC31CD99ED374FC 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-13 08:02:19 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\WINDOWS\System32\ie4uinit.exe
2013-12-13 08:02:19 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2013-12-13 08:02:19 0E1D755673453108415F802C90704327 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-13 08:02:18 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2013-12-13 02:55:49 39AD79E175688B88521541C28CD90BF2 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-562242904-190489812-2823758474-1004\$I6UJIOM.exe
2013-12-13 02:53:01 BC8F791F6D6AFFE97C8AA177C8C356FB 44749952 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-562242904-190489812-2823758474-1004\$RWCNQN2.exe
2013-12-13 02:51:42 BC8F791F6D6AFFE97C8AA177C8C356FB 44749952 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-562242904-190489812-2823758474-1004\$R6UJIOM.exe
2013-12-13 02:17:52 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_61339fda-b2ed-478b-9339-bf69f19c549f\PCGAppControlPluginLoader.exe
2013-12-13 02:17:50 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_2454ba36-1fe7-4d14-8f48-14232818007d\PCGAppControlPluginLoader.exe
2013-12-12 17:15:37 9951192EACEAA79DCE5E77E785C1AA55 400464 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_C22F1A733501EA96.exe
2013-12-12 17:15:34 1ACCA74287FE5D7449FBB2B9F0C83341 309328 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_D053C89A9DB0461F.exe
2013-12-12 17:15:29 228A4633D638F7EEA6400D5ED5274397 1071696 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe
2013-12-12 17:14:27 BD5A28471F81D492D21A381610672411 531424 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4805.320\GoogleToolbarInstaller_updater_signed.exe
2013-12-12 08:06:32 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\WINDOWS\System32\cscript.exe
2013-12-12 08:06:32 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\WINDOWS\SysWOW64\cscript.exe
2013-12-12 08:06:32 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\WINDOWS\SysWOW64\wscript.exe
2013-12-12 08:06:32 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\WINDOWS\System32\wscript.exe
2013-12-12 02:17:48 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_985d8072-4331-46c2-9e1c-5b91b0c157af\PCGAppControlPluginLoader.exe
2013-12-12 02:17:46 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_21f5634b-eba4-4f26-aa38-d8ef0fbe18be\PCGAppControlPluginLoader.exe
2013-12-10 21:51:33 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_7bf0e510-611b-459e-bbcd-09b9f98de455\PCGAppControlPluginLoader.exe
2013-12-10 21:51:31 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_1e6b135f-ebe4-4f12-8487-75bacb0c7b04\PCGAppControlPluginLoader.exe
2013-12-09 13:29:24 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_d70b1f51-83f1-47bd-8071-5b38235c77a1\PCGAppControlPluginLoader.exe
2013-12-09 13:29:21 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_0e7eb7d5-57ff-4040-9163-40744f74e052\PCGAppControlPluginLoader.exe
2013-12-08 13:29:20 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_182e1c7c-27a1-45d5-8667-dbeb7ddd14f4\PCGAppControlPluginLoader.exe
2013-12-08 13:29:18 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_6c46c8ad-be8d-4539-aaea-0b92f628c63c\PCGAppControlPluginLoader.exe
2013-12-07 13:29:13 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_c690994f-2ff3-439e-82ef-97495deae6f6\PCGAppControlPluginLoader.exe
2013-12-07 13:29:12 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_142aacc1-211e-4fd2-ad53-95876d4f04a4\PCGAppControlPluginLoader.exe
=== C: other files ==
2013-12-12 08:06:39 97D50B0CABF18A6D40F8883D02DDB519 3155968 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-12-12 08:06:33 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\WINDOWS\System32\drivers\drmk.sys
2013-12-12 08:06:33 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\WINDOWS\System32\drivers\portcls.sys
2013-12-10 02:30:12 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\YashAkss\Desktop\BleepingComputer\dds.com
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
"Soluto"="c:\program files\soluto\soluto.exe /init"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004Core.job --a------ C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004UA.job --a------ C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004Core" [C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004UA" [C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B21F5E31-B8E8-41CD-B74C-168A71A10E49}"="C:\Users\YashAkss\AppData\Local\GreatArcadeHits\gahff.xpi" []
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del
- YouTube Video and Audio Downloader - %ProfilePath%\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
- Save Images - %ProfilePath%\extensions\LDSI_plashcor@gmail.com.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- FirefoxAdKiller - %ProfilePath%\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default
- Save Images - %ProfilePath%\extensions\LDSI_plashcor@gmail.com.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- FirefoxAdKiller - %ProfilePath%\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
 
Profilepath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
 
 
==== Chrome Look ======================
 
PriceBlink - YashAkss - Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
Google Drive - YashAkss - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Show the YouTube Channel bar or the name. - YashAkss - Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn
YouTube - YashAkss - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - YashAkss - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - YashAkss - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Invalid Access Token. - YashAkss - Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg
1-ClickWeather for Chrome - YashAkss - Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa
Torrent Search - YashAkss - Default\Extensions\ggboaecdccmjngofahmncbfolmfkojhp
AdBlock - YashAkss - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Auto HD For YouTube™ - YashAkss - Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak
Video Downloader - YashAkss - Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
Google Mail Checker - YashAkss - Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - YashAkss - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GreatArcadeHits Add-on - YashAkss - Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh
YTO - YashAkss - Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd
Gmail - YashAkss - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chrome Fix ======================
 
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pocketbackup.en.softonic.com_0.localstorage deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pocketbackup.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage deleted successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/11/14 01:46:43 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 
==== Silent Runners ======================
 
"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
 
 
Startup items buried in registry:
---------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Apoint = C:\Program Files\DellTPad\Apoint.exe [Alps Electric Co., Ltd.]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
QuickSet = C:\Program Files\Dell\QuickSet\QuickSet.exe [Dell Inc.]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
Soluto = c:\program files\soluto\soluto.exe /init [null data]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [Apple Inc.]
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [Apple Inc.]
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java™ Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
 
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
  -> {HKLM...Wow...CLSID} = CIESpeechBHO Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
 
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
 
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar Helper
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
  -> {HKLM...Wow...CLSID} = Google Toolbar Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java™ Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
  -> {HKLM...CLSID} = Google Drive Shell extension
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
 
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
  -> {HKLM...CLSID} = AppShellPage Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
 
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
  -> {HKLM...CLSID} = ContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]
 
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
  -> {HKLM...CLSID} = FTShellContext Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
 
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
  -> {HKLM...CLSID} = ShellViewRTF
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf64.dll [XSS]
 
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
 
{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office12\MSOHEVI.DLL [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM...CLSID} = iTunes
                   \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
 
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
  -> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM...Wow...CLSID} = Groove Folder Synchronization
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM...Wow...CLSID} = Groove XML Icon Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL [MS]
 
{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Outlook
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL [MS]
 
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS]
 
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]
 
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\
 
{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
  -> {HKLM...CLSID} = AthCredentialProvider
                   \InProcServer32\(Default) = AthCredentialProvider.dll [Atheros Commnucations]
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\
 
{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
  -> {HKLM...CLSID} = AthCredentialProvider
                   \InProcServer32\(Default) = AthCredentialProvider.dll [Atheros Commnucations]
 
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
 
<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]
 
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
 
ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
  -> {HKLM...CLSID} = ANotepad++64
                   \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_05.dll [null data]
 
Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
  -> {HKLM...CLSID} = AppShellPage Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
 
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
 
Roxio Burn\(Default) = {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C}
  -> {HKLM...CLSID} = RBMenuHandler Class
                   \InProcServer32\(Default) = C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [TODO: <Company name>]
  -> {HKLM...Wow...CLSID} = RBMenuHandler Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RB_ContextMenu.dll [TODO: <Company name>]
 
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
 
FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
  -> {HKLM...CLSID} = FTShellContext Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
 
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
  -> {HKLM...CLSID} = GDContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
 
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
  -> {HKLM...CLSID} = Ath_CopyHook
                   \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]
 
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
 
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
 
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
 
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
  -> {HKLM...CLSID} = MBAMShlExt Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
 
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                   \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
 
WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
 
WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
 
 
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
 
Note: detected settings may not have any effect.
 
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\
 
Disabled = (REG_DWORD) dword:0x00000001
{Computer Configuration|Administrative Templates|Windows Components|Windows Error Reporting|
Disable Windows Error Reporting}
 
DontShowUI = (REG_DWORD) dword:0x00000001
{unrecognized setting}
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
 
PromptOnSecureDesktop = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}
 
 
Active Desktop and Wallpaper:
-----------------------------
 
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
 
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\YashAkss\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
 
 
Windows Portable Device AutoPlay Handlers
-----------------------------------------
 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
 
BasicBurnAdd\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYADD
InvokeVerb = Add
HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /BURN %L [null data]
 
BasicBurnCopy\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYCOPY
InvokeVerb = Copy
HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /Copy %L [null data]
 
iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
 
iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
 
iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
 
iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files (x86)\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
 
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
  -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
                   \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
 
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
 
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
 
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
 
MSWMEncVCArrival\
Provider = Windows Media Encoder 9 Series
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
 
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
 
PDVD9PlayBluRayOnArrival\
Provider = PowerDVD 9.6
InvokeProgID = BluRay
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\BluRay\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"  "%L" [CyberLink Corp.]
 
PDVD9PlayDVDMovieOnArrival\
Provider = PowerDVD 9.6
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"  "%L" [CyberLink Corp.]
 
PDVD9PlaySVCDOnArrival\
Provider = PowerDVD 9.6
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"  "%L" [CyberLink Corp.]
 
PDVD9PlayVCDMovieOnArrival\
Provider = PowerDVD 9.6
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe"  "%L" [CyberLink Corp.]
 
Picasa2ImportPicturesOnArrival\
Provider = Picasa3
InvokeProgID = picasa2.autoplay
InvokeVerb = import
HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.]
 
RoxioCreator12PlayCDAudioOnArrival\
Provider = Roxio Creator Classic
InvokeProgID = Creator12
InvokeVerb = open
HKLM\SOFTWARE\Classes\Creator12\shell\open\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Creator Classic 12\Creator12OEM.exe [Sonic Solutions]
 
RoxioSCAudioCDTask50\
Provider = Roxio Home Audio
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\AudioCDTask\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869 [null data]
 
RoxioSCCopyCD50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
 
RoxioSCCopyDisc50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
 
RoxioSCDataProject50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataGuide\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C [null data]
 
RoxioSCDataTask50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataTask\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0 [null data]
 
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]
 
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]
 
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
 
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
 
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
 
VSX5VideoCameraArrival\
Provider = Corel VideoStudio Pro
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = "c:\Program Files (x86)\Corel\Corel VideoStudio Ultimate X5\\vstudio.exe" /T:UVSClassic /parameters:Step=0,Handler=VideoCameraArrival,DeviceHint=%1
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
  -> {HKLM...CLSID} = Shell Execute Hardware Event Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]
 
 
Non-disabled Scheduled Tasks: {++}
-----------------------------
 
C:\WINDOWS\System32\Tasks
CCleanerSkipUAC ->  launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004Core ->  launches: C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004UA ->  launches: C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
{F72BAF17-82AE-4841-BA5D-FFB1AEE9E4E2} ->  launches: C:\Windows\system32\pcalua.exe -a C:\Users\YashAkss\Desktop\BleepingComputer\zoek\zoek.scr -d C:\Users\YashAkss\Desktop\BleepingComputer\zoek -c /S [MS]
 
C:\WINDOWS\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                   \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                   \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
 
C:\WINDOWS\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task ->  launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
 
C:\WINDOWS\System32\Tasks\WPD
SqmUpload_S-1-5-21-562242904-190489812-2823758474-1004 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
 
 
Winsock2 Service Provider DLLs:
-------------------------------
 
Namespace Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000010\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000010\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]
 
Transport Service Providers
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
 
 
Toolbars, Explorer Bars, Extensions:
------------------------------------
 
Toolbars
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar
                   \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...Wow...CLSID} = Google Toolbar
                         \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
 
Explorer Bars
 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]
 
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]
 
Extensions (Tools menu items, main toolbar menu buttons)
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
  -> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
 
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS]
 
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
  -> {HKLM...Wow...CLSID} = CIESpeechBHO Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
 
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM...Wow...CLSID} = &Research
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]
 
 
Miscellaneous IE Hijack Points
------------------------------
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
<<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
 
 
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
 
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation]
Apple Mobile Device, Apple Mobile Device, "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
ArcSoft Exchange Service, ADExchange, C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [ArcSoft, Inc.]
Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [IDT, Inc.]
Avira Real-Time Protection, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Scheduler, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Fitbit Connect Service, Fitbit Connect, C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [Fitbit, Inc.]
Intuit Update Service v4, IntuitUpdateServiceV4, "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
Protexis Licensing V2, PSI_SVC_2, "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [Protexis Inc.]
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [SoftThinks SAS]
Soluto Launcher Service, SolutoLauncherService, "C:\Program Files\Soluto\SolutoLauncherService.exe" [Soluto]
Soluto PCGenome Core Service, SolutoService, "C:\Program Files\Soluto\SolutoService.exe" [null data]
ZAtheros Wlan Agent, ZAtheros Wlan Agent, C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [Atheros]
 
 
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
 
<<!>> MCODS, 
<<!>> PEVSystemStart, Service
 
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
 
<<!>> MCODS, 
<<!>> PEVSystemStart, Service
 
 
Print Monitors:
---------------
 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
HP 9311 Status Monitor\Driver = hpinksts9311LM.dll [Hewlett-Packard Co.]
HP Discovery Port Monitor (HP Deskjet 3050 J610 series)\Driver = HPDiscoPM9311.dll [Hewlett-Packard Co.]
 
 
<<H>>: Suspicious data at a browser hijack point.
 
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YashAkss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\YashAkss\AppData\Local\Mozilla\Firefox\Profiles\ebpvjbcy.del\Cache will be emptied at reboot
 
==== Empty Chrome Cache ======================
 
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\YashAkss\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\YashAkss\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Fri 12/13/2013 at 21:42:43.86 ======================
 
 
 
 
Thanks 
S


#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 15 December 2013 - 03:46 PM

Hi underemployed

Step 1

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

eset.png

Edited by seedy21, 15 December 2013 - 03:47 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 16 December 2013 - 10:38 AM

Hi Seedy21

ESET did not find any threats

here is the log file

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b8534279347a5f4784417850c1f0d55b
# engine=16280
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-12-16 03:19:49
# local_time=2013-12-15 10:19:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 156892094 0 0
# compatibility_mode=5893 16776574 100 94 12557596 138707439 0 0
# scanned=188958
# found=0
# cleaned=0
# scan_time=4571
 
Thanks
S


#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 16 December 2013 - 04:05 PM

Hi underemployed

How is your machine running now? Do you have any more Issues?

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#11 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 16 December 2013 - 09:09 PM

hi seedy21 ... does  not look like the issue has resolved. attached is a screenshot of the pop up / redirec message window that pop ups ...

 

 

Attached Files



#12 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 17 December 2013 - 02:21 PM

Hi underemployed

Step 1

We need to re-run Zoek

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Unzip the folder (Right Click > Extract all > Next > Next > Make sure Show Extracted Files is tick and Click Finish ).
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this users computer, do not use it on another computer even if the problems are similar :!:
    {B21F5E31-B8E8-41CD-B74C-168A71A10E49};c
    C:\Users\YashAkss\AppData\Local\GreatArcadeHits;f
    GreatArcadeHits Add-on;chr
    CHRdefaults;
    emptyalltemp;
    standardsearch;
    
    
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).

Please post the logfile for further review in your next reply

 

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by seedy21, 17 December 2013 - 02:21 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#13 underemployed

underemployed
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 18 December 2013 - 08:57 AM

HI seedy21

attached are the log files. i appreciate your help and hope you can help resolve this issue 

 

Thanks

 

 
Zoek.exe v5.0.0.0 Updated 16-December-2013
Tool run by YashAkss on Wed 12/18/2013 at  8:25:08.48.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\YashAkss\Desktop\BleepingComputer\zoek\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
12/18/2013 8:26:41 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\S-1-5-21-562242904-190489812-2823758474-1004\Software\Mozilla\Firefox\EXTENSIONS\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} deleted successfully
 
==== Running Processes ======================
 
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Users\YashAkss\Downloads\uTorrent.exe
C:\Users\YashAkss\Desktop\BleepingComputer\zoek\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del
 
user.js not found
---- Lines {B21F5E31-B8E8-41CD-B74C-168A71A10E49} modified from prefs.js ----
 
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20131218_0827_.backup
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20131218_0827_.backup
 
==== Deleting Files \ Folders ======================
 
"C:\Users\YashAkss\AppData\Local\GreatArcadeHits" not found
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6053 MB
CPU Info: Intel® Core™ i3-2350M CPU @ 2.30GHz
CPU Speed: 2297.1 MHz
Sound Card: Speakers / Headphones (IDT High | 
Communications Headphones (IDT  | 
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Dell Wireless 1703 802.11b/g/n (2.4GHz) | Realtek PCIe FE Family Controller
CD / DVD Drives: 2x (D: | F: | ) D: HL-DT-STDVD+-RW GT50N    | F: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Wheel Mouse Present
Hard Disks: C:  202.1GB | E:  250.0GB | Y:  13.7GB
Hard Disks - Free: C:  74.2GB | E:  3.2GB | Y:  6.6GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 08/03/12 | DELL   - 1072009
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 01HXXJ
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Avira Desktop On-access scanning disabled (Outdated)
Anti-Spyware: Avira Desktop disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 31.0.1650.63
Internet Explorer Version: 11.0.9600.16476 
Mozilla Firefox version: 23.0 (x86 en-US)
Google Chrome version: 31.0.1650.63
Adobe Reader version: 11.0.0.379
Sun Java version: 1.7.0_21 (32-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2013-12-07 05:56:34 60A5ECACF614A02129EBE46F9FD42826 646577981 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\YashAkss\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2013-12-13 08:05:09 6C4B2E1A25841077084EB9F76FF6FFA7 11410432 ----a-w- C:\Windows\SysWOW64\wmp.dll
2013-12-13 08:05:09 02DF0628BE8B64B84D50FBE53549AA3B 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 08:02:20 C74500A1BCB4113A7310295DD3FA4440 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 08:02:19 3D43EAC957F2F797BE82CF6B04A933F8 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 08:02:19 355BF103E2CF862B00EEB3731E25E802 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-12-13 08:02:18 35DE59C975A0C97E8DBBE095BCC3644E 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 08:02:17 B2E1F7B212502BB49AAD4EFAD37C5CF5 2166784 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-12-13 08:02:17 927FA6456AD6D7630F6854828D2FD16B 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-12-13 08:02:17 08881C59F795C356DE12067E44FFD260 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 08:02:16 84EAF0A08C7742697816E148C066D757 1928192 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 08:02:16 0763C5D8660436D4D961F72609E33BBE 1157632 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-12-13 08:02:15 4B638CE3DAA3A082E576C0DDF9D635D4 11221504 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-12-13 08:02:14 BFAFE990C4A191E83843362B5AC64A9B 17112576 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-12-13 08:02:14 A60A222D3126DD9E380F9D8B651BC13D 4243968 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-12-12 08:06:40 AFA53BD631FB0509A91A99391209BB70 301568 ----a-w- C:\Windows\SysWOW64\msieftp.dll
2013-12-12 08:06:38 E9504E484076585F6DA3C59F0E20E122 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 08:06:38 E7B9D5FF20FFDD4AAE2EF1D1B8C27A37 159232 ----a-w- C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 08:06:35 4EC2C3B15B9EC41AD0D6CD918D20376E 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll
2013-12-12 08:06:32 A3B1D1312602280839A4A2AFBDFD066E 163840 ----a-w- C:\Windows\SysWOW64\scrrun.dll
2013-12-12 08:06:32 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\Windows\SysWOW64\cscript.exe
2013-12-12 08:06:32 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\Windows\SysWOW64\wscript.exe
2013-12-12 08:06:32 09F65975C1C9793B923BB52A7FA83453 121856 ----a-w- C:\Windows\SysWOW64\wshom.ocx
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-12-13 08:05:09 AB272BBFB05A8585C3405EFA9F605774 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL
2013-12-13 08:05:07 8CBBB27369F9F07BC5E874E750EAF9D0 14631424 ----a-w- C:\Windows\Sysnative\wmp.dll
2013-12-13 08:02:20 FB13F4873F6747AB4E3C37CAFEA8ACAE 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2013-12-13 08:02:20 A3427586C75749B51BF5DEBEDEB4AD5C 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-12-13 08:02:19 EF098867663B07247587587C29E631DB 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-12-13 08:02:19 4E249022336591E9C6DE374A68C18EF6 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-12-13 08:02:19 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-12-13 08:02:19 2A0B7281854ACBECA25D8FDD06A4D714 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-12-13 08:02:19 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-12-13 08:02:18 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2013-12-13 08:02:18 95EED00D70485F6F82983EB7C03CC42A 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2013-12-13 08:02:18 40B33A42F90DED26DE4F5AAFA00F24CA 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2013-12-13 08:02:18 2E2875FFC6C2DC1ACF4F46AFC7819BD5 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-12-13 08:02:18 16B0A65F52531B769B891DC251ECC6C0 23183360 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-12-13 08:02:18 14074CF6190B937EB70BE2F93113B5FE 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2013-12-13 08:02:17 7016991D493B9F9FA492E75BD13D031D 2764288 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-12-13 08:02:16 FA30E3DC75EA42FE19B819F30FBDED8D 1995264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-12-13 08:02:16 EDF5C6A9F33FBD3D717D1B77A9864C64 12996608 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-12-13 08:02:16 C8CF11D73017CC588411FCB936891CF4 1395200 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-12-13 08:02:16 9B6678DB9C6A232C5A84D2FDFFF8B0E1 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-12-13 08:02:14 6491B719695D713335B431FCF0EAE28B 5769216 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-12-12 08:06:40 AC38EC8D0C1B4C783CA6A24D239A71B7 335360 ----a-w- C:\Windows\Sysnative\msieftp.dll
2013-12-12 08:06:39 97D50B0CABF18A6D40F8883D02DDB519 3155968 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-12-12 08:06:38 B4F29F65AD3114051F01E9403346047F 81408 ----a-w- C:\Windows\Sysnative\imagehlp.dll
2013-12-12 08:06:38 4EDF8812713291DBBFDA67CE6215F236 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll
2013-12-12 08:06:35 5FD67F205773EC80674DBBD609DB5315 2048 ----a-w- C:\Windows\Sysnative\tzres.dll
2013-12-12 08:06:32 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\Windows\Sysnative\cscript.exe
2013-12-12 08:06:32 731131A477F69476F2D739B0DB6A9281 202752 ----a-w- C:\Windows\Sysnative\scrrun.dll
2013-12-12 08:06:32 05D80FF3483BD8F268B01703C859198A 150016 ----a-w- C:\Windows\Sysnative\wshom.ocx
2013-12-12 08:06:32 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\Windows\Sysnative\wscript.exe
====== C:\Windows\Sysnative\drivers =====
2013-12-12 08:06:33 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys
2013-12-12 08:06:33 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys
====== C:\Windows\Tasks ======
2013-12-14 02:24:33 FF4FD780C0B5D57E4AA15EB8AAA13838 3226 ----a-w- C:\Windows\Sysnative\Tasks\{F72BAF17-82AE-4841-BA5D-FFB1AEE9E4E2}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2013-12-17 02:24:04 -------- d-----w- C:\PROGRA~2\Absolute MP3 Splitter
2013-12-16 01:56:58 -------- d-----w- C:\PROGRA~2\ESET
2013-12-02 01:33:47 -------- d-----w- C:\PROGRA~2\vSoft
2013-12-02 01:22:58 -------- d-----w- C:\PROGRA~2\Free RapidShare Downloader
======= C: =====
2013-12-14 02:40:48 89F0293994A665771CF95DF0FADA0EF4 81 ----a-w- C:\folders.txt
====== C:\Users\YashAkss\AppData\Roaming ======
2013-12-14 02:40:55 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2013-12-14 02:40:55 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2013-12-14 02:40:55 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2013-12-14 02:40:55 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2013-12-14 02:40:54 -------- d-----w- C:\Users\YashAkss\AppData\Local\Temp
2013-12-13 03:01:10 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\ArcSoft
====== C:\Users\YashAkss ======
2013-12-17 02:24:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute MP3 Splitter
2013-12-14 02:11:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\YashAkss\defogger_reenable
2013-12-13 02:48:19 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
2013-12-02 01:26:03 D3454EAEF35BC00BBA08E97EFA3AC119 26837 ----a-w- C:\Users\YashAkss\TCOCT314.wmv
2013-12-02 01:24:48 A15D1F8E0E28C55EF3CC56D7A282261C 26260 ----a-w- C:\Users\YashAkss\TCNOV54.mp4.html
2013-12-02 01:24:48 0A72DD5D73E881310570841B8605C378 26837 ----a-w- C:\Users\YashAkss\TCOCT314.wmv.html
 
====== C: exe-files ==
2013-12-18 13:25:46 86FB5E8D5D1E3E405C46CCBF991E6FD4 1034531 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\JRT.exe
2013-12-17 17:00:59 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_886e0b40-ab23-48b7-b47e-172951843c8c\PCGAppControlPluginLoader.exe
2013-12-17 17:00:57 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_8bbe2bcf-a203-41dc-819e-c2edf13b0e75\PCGAppControlPluginLoader.exe
2013-12-17 02:24:04 61C9A71E3D616DF83AD6669D828BB83B 1450496 ----a-w- C:\Program Files (x86)\Absolute MP3 Splitter\Absolute MP3 Splitter.exe
2013-12-17 02:24:04 37F5F3F011BC861F7C0DEB89D7F0CED1 710426 ----a-w- C:\Program Files (x86)\Absolute MP3 Splitter\unins000.exe
2013-12-16 17:00:51 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_62a456d1-6a81-4bb9-8f60-4760f3a03282\PCGAppControlPluginLoader.exe
2013-12-16 17:00:50 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_0ed94eaf-6132-4d9d-a9ef-6019de524eac\PCGAppControlPluginLoader.exe
2013-12-16 01:57:13 CE0D0B11986FD2C0247AE88A59B36A6E 579904 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2013-12-16 01:57:13 BDB7D97012F9B3102DB72AA76A24942A 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2013-12-16 01:57:13 7C9EEC809FB9CDA26EFC245C001EA980 2347384 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2013-12-16 01:57:13 7ABF8849E76732C357F419B1AF5668F2 546944 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2013-12-16 01:57:13 6D4ED8A5C071F29730A6F0B943FEEA3A 122584 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2013-12-16 01:56:13 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\esetsmartinstaller_enu.exe
2013-12-15 02:22:14 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_8d0d1cb1-7483-42b0-ad34-daafece33be5\PCGAppControlPluginLoader.exe
2013-12-15 02:22:11 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_3f95da2c-be6d-487a-adde-c5cb49592810\PCGAppControlPluginLoader.exe
2013-12-14 02:22:10 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_6c4d74f3-741c-4396-8e15-bae74f19c676\PCGAppControlPluginLoader.exe
2013-12-14 02:22:08 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_176725d4-3659-4b7c-bef6-d7d778e451ab\PCGAppControlPluginLoader.exe
2013-12-14 02:12:31 693E44D7B4F5FD5532DD2B47731C5F90 1226802 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\AdwCleaner.exe
2013-12-14 02:09:39 9146F21288AB749C4C729343F5F285A1 50477 ----a-w- C:\Users\YashAkss\Desktop\BleepingComputer\Defogger.exe
2013-12-13 08:05:10 D21DD7BFC81C8623DE48EBB17133D59C 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 08:05:10 9AED8E824CF5FAAB67957EDBC5512060 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 08:02:19 78CCC9D9665DC2A4DDC31CD99ED374FC 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-13 08:02:19 3A722B49408BE7FE8A375C3B8FD57BB1 218624 ----a-w- C:\WINDOWS\System32\ie4uinit.exe
2013-12-13 08:02:19 0F753FDA08F495E515629210FF0DA59E 139264 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2013-12-13 08:02:19 0E1D755673453108415F802C90704327 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-13 08:02:18 DACB9A752CEB29C1D931514EF73803E1 111616 ----a-w- C:\WINDOWS\System32\ieetwcollector.exe
2013-12-13 02:17:52 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_61339fda-b2ed-478b-9339-bf69f19c549f\PCGAppControlPluginLoader.exe
2013-12-13 02:17:50 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_2454ba36-1fe7-4d14-8f48-14232818007d\PCGAppControlPluginLoader.exe
2013-12-12 17:15:37 9951192EACEAA79DCE5E77E785C1AA55 400464 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_64_C22F1A733501EA96.exe
2013-12-12 17:15:34 1ACCA74287FE5D7449FBB2B9F0C83341 309328 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarUser_32_D053C89A9DB0461F.exe
2013-12-12 17:15:29 228A4633D638F7EEA6400D5ED5274397 1071696 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_231F3FD17DB59CFD.exe
2013-12-12 17:14:27 BD5A28471F81D492D21A381610672411 531424 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.4805.320\GoogleToolbarInstaller_updater_signed.exe
2013-12-12 08:06:32 ECB021CA3370582F0C7244B0CF06732C 156160 ----a-w- C:\WINDOWS\System32\cscript.exe
2013-12-12 08:06:32 A3A35EE79C64A640152B3113E6E254E2 126976 ----a-w- C:\WINDOWS\SysWOW64\cscript.exe
2013-12-12 08:06:32 979D74799EA6C8B8167869A68DF5204A 141824 ----a-w- C:\WINDOWS\SysWOW64\wscript.exe
2013-12-12 08:06:32 045451FA238A75305CC26AC982472367 168960 ----a-w- C:\WINDOWS\System32\wscript.exe
2013-12-12 02:17:48 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\SkypeAppControl_985d8072-4331-46c2-9e1c-5b91b0c157af\PCGAppControlPluginLoader.exe
2013-12-12 02:17:46 5043F35EF067C718940C069400956252 41608 ----a-w- C:\ProgramData\Soluto\Temp\DropboxAppControl_21f5634b-eba4-4f26-aa38-d8ef0fbe18be\PCGAppControlPluginLoader.exe
=== C: other files ==
2013-12-18 01:09:33 FAE1464BF55DE64AE34CFA0D40A9C1CF 13343654 ----a-w- C:\Users\YashAkss\Desktop\preludes for Nika.zip
2013-12-12 08:06:39 97D50B0CABF18A6D40F8883D02DDB519 3155968 ----a-w- C:\WINDOWS\System32\win32k.sys
2013-12-12 08:06:33 E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\WINDOWS\System32\drivers\drmk.sys
2013-12-12 08:06:33 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\WINDOWS\System32\drivers\portcls.sys
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickSet"="C:\Program Files\Dell\QuickSet\QuickSet.exe"
"Soluto"="c:\program files\soluto\soluto.exe /init"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
 
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004Core.job --a------ C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004UA.job --a------ C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe [12/20/2012 09:28 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004Core" [C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-562242904-190489812-2823758474-1004UA" [C:\Users\YashAkss\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del
- YouTube Video and Audio Downloader - %ProfilePath%\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
- Save Images - %ProfilePath%\extensions\LDSI_plashcor@gmail.com.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- FirefoxAdKiller - %ProfilePath%\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
 
ProfilePath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default
- Save Images - %ProfilePath%\extensions\LDSI_plashcor@gmail.com.xpi
- Updated Ad Blocker for Firefox 11 - %ProfilePath%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
- FirefoxAdKiller - %ProfilePath%\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\ebpvjbcy.del
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
 
Profilepath: C:\Users\YashAkss\AppData\Roaming\Mozilla\Firefox\Profiles\n00bdviz.default
68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator
99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\YashAkss\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
 
 
==== Chrome Look ======================
 
PriceBlink - YashAkss - Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
Google Drive - YashAkss - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Show the YouTube Channel bar or the name. - YashAkss - Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn
YouTube - YashAkss - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - YashAkss - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - YashAkss - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Invalid Access Token. - YashAkss - Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg
1-ClickWeather for Chrome - YashAkss - Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa
Torrent Search - YashAkss - Default\Extensions\ggboaecdccmjngofahmncbfolmfkojhp
AdBlock - YashAkss - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Auto HD For YouTube™ - YashAkss - Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak
Google Mail Checker - YashAkss - Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff
Google Wallet - YashAkss - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GreatArcadeHits Add-on - YashAkss - Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh
YTO - YashAkss - Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd
Gmail - YashAkss - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
 
==== Reset Google Chrome ======================
 
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft, Inc. - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Product - 2012/11/14 01:46:43 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\YashAkss\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\YashAkss\AppData\Local\Mozilla\Firefox\Profiles\ebpvjbcy.del\Cache emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\YashAkss\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\YashAkss\AppData\Local\Temp  will be emptied at reboot
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\YashAkss\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Wed 12/18/2013 at  8:32:33.75 ======================
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by YashAkss on Wed 12/18/2013 at  8:34:33.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\YashAkss\appdata\local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/18/2013 at  8:41:20.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Thanks
S


#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 18 December 2013 - 11:48 AM

Hi underemployed
 
Step 1
 
Download Combofix from any of the links below. You must rename it before saving it.  Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example, you may rename ComboFix to anything you want.


Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Edited by seedy21, 18 December 2013 - 03:45 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#15 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:51 PM

Posted 22 December 2013 - 03:10 PM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users