
Random ads/music playing, slow firefox and DCOM/Plug'n'Play crashes


  • This topic is locked
24 replies to this topic

#1 Drone424

Drone424

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 15 January 2014 - 02:00 PM

Can somebody please help asap? I really need my computer to be fully reliable before I go back to school!!!
Here's the DDS log:




DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.45.2
Run by Charles at 13:31:43 on 2014-01-13
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3885.1411 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\WimaxConsole.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Charles\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll
uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [C:\Users\Charles\Downloads\LivestreamProcaster.exe] C:\Users\Charles\Downloads\LivestreamProcaster.exe /exenoupdates  /exelang 0 /prereqs "0"
uRun: [Facebook Update] "C:\Users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:16
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{356D6D95-A611-4DEE-98FA-8851FACF2EEE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{356D6D95-A611-4DEE-98FA-8851FACF2EEE}\234444A423 : DHCPNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{356D6D95-A611-4DEE-98FA-8851FACF2EEE}\3596C66756270557070797 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{356D6D95-A611-4DEE-98FA-8851FACF2EEE}\44F6E6B65697 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{803D0CEE-8D09-4913-BC9B-2D0AF20C40DE} : NameServer = 0.0.0.0
TCP: Interfaces\{F7FEF248-B642-466D-A02F-E25839BC47F6} : NameServer = 172.18.68.215 172.18.68.215
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9wrua2v4.default\
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Charles\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Charles\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Users\Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Charles\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-3 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-2 352976]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-7-15 121416]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
R3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-7-15 125512]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-4-13 135560]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-3 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-2-2 271872]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-3 61792]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-7-15 43032]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-8-12 280064]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-7-22 199552]
.
=============== Created Last 30 ================
.
2013-12-18 01:42:44    --------    d-----w-    C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2014-01-13 07:55:29    45056    ----a-w-    C:\Windows\System32\acovcnt.exe
2013-12-11 06:58:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 06:58:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 06:58:08    9293192    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-10-23 23:36:25    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-23 23:20:19    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 13:34:44.14 ===============
 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:30 PM

Posted 15 January 2014 - 07:05 PM

Hello Drone424,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.




    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • RcAuto1.gif
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      whatnext.png
    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note:
Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Drone424


Posted 17 January 2014 - 09:15 PM

So I can't find the log that ComboFix created, should I just run it again?



#4 fireman4it


Posted 17 January 2014 - 11:51 PM

Log should be at C:\Combofix.txt




#5 fireman4it


Posted 19 January 2014 - 01:52 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#6 Drone424


Posted 20 January 2014 - 12:08 AM

Hi, yes, sorry, was doing some traveling. Where would I start to look for the C:\Combofix.txt? I've only tried looking in the search bar that pops up from the Windows icon and it hasn't been working.



#7 fireman4it


Posted 20 January 2014 - 07:49 PM

Go ahead and run Combofix again and post the log. Still getting ads playing and music in the background?



#8 Drone424


Posted 21 January 2014 - 12:35 AM

ComboFix 14-01-14.02 - Charles 01/20/2014  21:18:28.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3885.1997 [GMT -8:00]
Running from: c:\users\Charles\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
---- Previous Run -------
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\program files (x86)\blekkotb_031\blEKkotb_019x.dll
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-21 to 2014-01-21  )))))))))))))))))))))))))))))))
.
.
2014-01-21 05:28 . 2014-01-21 05:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-20 02:43 . 2014-01-20 02:43    0    ----a-w-    c:\windows\SysWow64\shoC2B2.tmp
2014-01-18 02:28 . 2014-01-18 02:28    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-21 05:03 . 2012-11-21 22:30    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-01-16 08:00 . 2012-05-23 19:49    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-15 04:09 . 2013-10-17 01:24    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-11 06:58 . 2012-05-23 19:00    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 06:58 . 2012-05-23 19:00    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 06:58 . 2013-12-11 06:58    9293192    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-23 23:36 . 2013-10-23 23:36    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-23 23:36 . 2013-10-23 23:37    312744    ----a-w-    c:\windows\system32\javaws.exe
2013-10-23 23:36 . 2013-10-23 23:36    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-10-23 23:36 . 2013-10-23 23:36    189352    ----a-w-    c:\windows\system32\java.exe
2013-10-23 23:20 . 2013-10-23 23:22    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 22069ABE46D1A6AF814C37D6C84C65E8 . 510464 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
c:\program files (x86)\blekkotb_031\blekkotb_019X.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"= "c:\progra~2\Funmoods\1.5.23.22\escorTlbr.dll" [BU]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files (x86)\blekkotb_031\blekkotb_019X.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}]
[HKEY_CLASSES_ROOT\funmoods.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\funmoods.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\users\Charles\Downloads\LivestreamProcaster.exe"="c:\users\Charles\Downloads\LivestreamProcaster.exe" [2012-05-23 18199256]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-21 3093624]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-01-08 55360]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-01-07 1815464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2010-07-16 883272]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-01-19 352976]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys;c:\windows\SYSNATIVE\DRIVERS\swumxa3.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 06:58]
.
2014-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000Core.job
- c:\users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 01:01]
.
2014-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000UA.job
- c:\users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 01:01]
.
2014-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000Core.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 19:35]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000UA.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 19:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: Interfaces\{803D0CEE-8D09-4913-BC9B-2D0AF20C40DE}: NameServer = 0.0.0.0
TCP: Interfaces\{F7FEF248-B642-466D-A02F-E25839BC47F6}: NameServer = 172.18.68.215 172.18.68.215
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9wrua2v4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-20  21:35:00
ComboFix-quarantined-files.txt  2014-01-21 05:34
.
Pre-Run: 452,525,056,000 bytes free
Post-Run: 452,021,854,208 bytes free
.
- - End Of File - - A7D36B4BF9EAA82D8B3BDCC731C77793
A36C5E4F47E84449FF07ED3517B43A31
 



#9 Drone424


Posted 21 January 2014 - 01:48 AM

Also, yes, ads are still playing in the background; however, whenever I run ComboFix they seem to stop for a while, but then they come back, as does the random logging off (which was happening more and more often).



#10 fireman4it


Posted 21 January 2014 - 02:58 PM

1.

The directions for running ComboFix were to download it to your desktop. ComboFix needs to be on your desktop to proceed. So either move it from your downloads folder to your desktop, or delete the copy you have and download a fresh copy to your desktop. Then proceed to step 2.

 

 

2.

We need to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\progra~2\Funmoods
c:\program files (x86)\blekkotb_031


Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"=-
[-HKEY_CLASSES_ROOT\clsid\{a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3}]
[-HKEY_CLASSES_ROOT\funmoods.dskBnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[-HKEY_CLASSES_ROOT\funmoods.dskBnd]
[-HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll | c:\windows\system32\rpcss.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

Still have the background ads?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#11 Drone424


Posted 21 January 2014 - 10:10 PM

ComboFix 14-01-21.03 - Charles 01/21/2014  18:52:14.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3885.1848 [GMT -8:00]
Running from: c:\users\Charles\Desktop\ComboFix.exe
Command switches used :: c:\users\Charles\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\blekkotb_031
c:\program files (x86)\blekkotb_031\blekkotb_019.dll
c:\program files (x86)\blekkotb_031\chrome\content\custom.js
c:\program files (x86)\blekkotb_031\chrome\content\lib\about.xml
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\dtxwin.xul
c:\program files (x86)\blekkotb_031\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\blekkotb_031\chrome\content\lib\external.js
c:\program files (x86)\blekkotb_031\chrome\content\lib\neterror.xhtml
c:\program files (x86)\blekkotb_031\chrome\content\lib\rsspreview.html
c:\program files (x86)\blekkotb_031\chrome\content\lib\rsswin.xml
c:\program files (x86)\blekkotb_031\chrome\content\lib\rsswin.xsl
c:\program files (x86)\blekkotb_031\chrome\content\lib\vmncode.js
c:\program files (x86)\blekkotb_031\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\blekkotb_031\chrome\content\modules\datastore.jsm
c:\program files (x86)\blekkotb_031\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\blekkotb_031\chrome\content\neterror.xhtml
c:\program files (x86)\blekkotb_031\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\blekkotb_031\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\blekkotb_031\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\blekkotb_031\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\blekkotb_031\chrome\content\newtab\newtab.html
c:\program files (x86)\blekkotb_031\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\blekkotb_031\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\blekkotb_031\chrome\content\preferences.xml
c:\program files (x86)\blekkotb_031\chrome\content\sourceid.xml
c:\program files (x86)\blekkotb_031\chrome\content\template.xml
c:\program files (x86)\blekkotb_031\chrome\content\toolbar.htm
c:\program files (x86)\blekkotb_031\chrome\content\toolbar.xul
c:\program files (x86)\blekkotb_031\chrome\content\vmncode.js
c:\program files (x86)\blekkotb_031\chrome\content\vmnrsswin.xml
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\css\dialog.css
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrow-grey.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-left.gif
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\arrows_grey-right.gif
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\bg.gif
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search-over.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\btn-search.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\images\throbber.gif
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\index.html
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css\dialog.css
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\1x1_transparent.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\bg.gif
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-search.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close-over.png
c:\program files (x86)\blekkotb_031\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images\btn-wide-close.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\blekkotb_031\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\blekkotb_031\chrome\skin\lib\yahoo.png
c:\program files (x86)\blekkotb_031\chrome\skin\lichen.gif
c:\program files (x86)\blekkotb_031\chrome\skin\local-deals-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\local-deals.png
c:\program files (x86)\blekkotb_031\chrome\skin\logo-about.png
c:\program files (x86)\blekkotb_031\chrome\skin\logo-over.png
c:\program files (x86)\blekkotb_031\chrome\skin\logo-separator.png
c:\program files (x86)\blekkotb_031\chrome\skin\logo.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail-blekko-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail-blekko-new-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail-blekko-new.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail-blekko.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\mail.png
c:\program files (x86)\blekkotb_031\chrome\skin\menuseparatorback.gif
c:\program files (x86)\blekkotb_031\chrome\skin\modify-save.png
c:\program files (x86)\blekkotb_031\chrome\skin\modify.png
c:\program files (x86)\blekkotb_031\chrome\skin\modifyhot.png
c:\program files (x86)\blekkotb_031\chrome\skin\music.png
c:\program files (x86)\blekkotb_031\chrome\skin\myspace.png
c:\program files (x86)\blekkotb_031\chrome\skin\namespacetoolbar.css
c:\program files (x86)\blekkotb_031\chrome\skin\news.png
c:\program files (x86)\blekkotb_031\chrome\skin\options-main.png
c:\program files (x86)\blekkotb_031\chrome\skin\options-search.png
c:\program files (x86)\blekkotb_031\chrome\skin\options\options-main.png
c:\program files (x86)\blekkotb_031\chrome\skin\options\options-search.png
c:\program files (x86)\blekkotb_031\chrome\skin\options\options-weather.gif
c:\program files (x86)\blekkotb_031\chrome\skin\options\options-weather.png
c:\program files (x86)\blekkotb_031\chrome\skin\options\options-widgets.png
c:\program files (x86)\blekkotb_031\chrome\skin\orange.gif
c:\program files (x86)\blekkotb_031\chrome\skin\p_yahoo.png
c:\program files (x86)\blekkotb_031\chrome\skin\pixsy.png
c:\program files (x86)\blekkotb_031\chrome\skin\ppcbully.png
c:\program files (x86)\blekkotb_031\chrome\skin\protect-id.png
c:\program files (x86)\blekkotb_031\chrome\skin\relatedlinks.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-collapse.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-delete.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-expand.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-feed.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-folder-remove.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-folder-rename.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-folder.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-found.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-reload.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss-subscribe.png
c:\program files (x86)\blekkotb_031\chrome\skin\rss.png
c:\program files (x86)\blekkotb_031\chrome\skin\rssback.gif
c:\program files (x86)\blekkotb_031\chrome\skin\rsstopback.gif
c:\program files (x86)\blekkotb_031\chrome\skin\search-over.png
c:\program files (x86)\blekkotb_031\chrome\skin\search.png
c:\program files (x86)\blekkotb_031\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\blekkotb_031\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\blekkotb_031\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\blekkotb_031\chrome\skin\settings.png
c:\program files (x86)\blekkotb_031\chrome\skin\shopping.png
c:\program files (x86)\blekkotb_031\chrome\skin\siteinfo.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-bluelite.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-bluesky.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-grey.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-lichen.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-orange.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin-yellow.png
c:\program files (x86)\blekkotb_031\chrome\skin\skin.xml
c:\program files (x86)\blekkotb_031\chrome\skin\social_delicious.png
c:\program files (x86)\blekkotb_031\chrome\skin\social_stumbleupon.png
c:\program files (x86)\blekkotb_031\chrome\skin\technorati.png
c:\program files (x86)\blekkotb_031\chrome\skin\throbber.gif
c:\program files (x86)\blekkotb_031\chrome\skin\toolbarsplitter.png
c:\program files (x86)\blekkotb_031\chrome\skin\translate.png
c:\program files (x86)\blekkotb_031\chrome\skin\TRUSTe_about.png
c:\program files (x86)\blekkotb_031\chrome\skin\twitter-blekko-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\twitter-blekko.png
c:\program files (x86)\blekkotb_031\chrome\skin\twitter-hover.png
c:\program files (x86)\blekkotb_031\chrome\skin\twitter.png
c:\program files (x86)\blekkotb_031\chrome\skin\vmn.css
c:\program files (x86)\blekkotb_031\chrome\skin\vmn.png
c:\program files (x86)\blekkotb_031\chrome\skin\web.png
c:\program files (x86)\blekkotb_031\chrome\skin\websearch.png
c:\program files (x86)\blekkotb_031\chrome\skin\wikipedia.png
c:\program files (x86)\blekkotb_031\chrome\skin\yahoosearch.png
c:\program files (x86)\blekkotb_031\chrome\skin\yellow.gif
c:\program files (x86)\blekkotb_031\chrome\skin\youtube.png
c:\program files (x86)\blekkotb_031\chrome\skin\zoom.png
c:\program files (x86)\blekkotb_031\components\windowmediator.js
c:\program files (x86)\blekkotb_031\dtuser.exe
c:\program files (x86)\blekkotb_031\install.ico
c:\program files (x86)\blekkotb_031\manifest.xml
c:\program files (x86)\blekkotb_031\search.ico
c:\program files (x86)\blekkotb_031\toolbar.xml
c:\program files (x86)\blekkotb_031\uninstall.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --> c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-22 03:04 . 2014-01-22 03:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-22 02:15 . 2014-01-22 02:15    --------    d-----w-    C:\found.000
2014-01-22 01:18 . 2014-01-22 01:18    6392    ----a-w-    c:\windows\system32\PerfStringBackup.TMP
2014-01-20 02:43 . 2014-01-20 02:43    0    ----a-w-    c:\windows\SysWow64\shoC2B2.tmp
2014-01-18 02:28 . 2014-01-18 02:28    --------    d-----w-    c:\windows\Sun
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 02:32 . 2012-11-21 22:30    45056    ----a-w-    c:\windows\system32\acovcnt.exe
2014-01-16 08:00 . 2012-05-23 19:49    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-15 04:09 . 2013-10-17 01:24    566480    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-12-11 06:58 . 2012-05-23 19:00    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 06:58 . 2012-05-23 19:00    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 06:58 . 2013-12-11 06:58    9293192    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}]
c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
c:\program files (x86)\blekkotb_031\blekkotb_019X.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-17 01:38    222712    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\users\Charles\Downloads\LivestreamProcaster.exe"="c:\users\Charles\Downloads\LivestreamProcaster.exe" [2012-05-23 18199256]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-21 3093624]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-01-08 55360]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-01-07 1815464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-02-04 7350912]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"AT&T Communication Manager"="c:\program files (x86)\AT&T\Communication Manager\ATTCM.exe" [2010-07-16 883272]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2011-01-19 352976]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-29 3806544]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe;c:\program files (x86)\AT&T\Communication Manager\RcAppSvc.exe [x]
R3 CAATT;AT&T Con App Svc;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe;c:\program files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys;c:\windows\SYSNATIVE\DRIVERS\swumxa3.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - BMLoad
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 06:58]
.
2014-01-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000Core.job
- c:\users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 01:01]
.
2014-01-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000UA.job
- c:\users\Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-26 01:01]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000Core.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 19:35]
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1190542188-2455301419-47629428-1000UA.job
- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-09 19:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-17 01:38    261624    ----a-w-    c:\users\Charles\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-15 04:13    2331336    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: Interfaces\{803D0CEE-8D09-4913-BC9B-2D0AF20C40DE}: NameServer = 0.0.0.0
TCP: Interfaces\{F7FEF248-B642-466D-A02F-E25839BC47F6}: NameServer = 172.18.68.215 172.18.68.215
FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9wrua2v4.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-blekkotb_031 - c:\program files (x86)\blekkotb_031\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-21  19:08:31
ComboFix-quarantined-files.txt  2014-01-22 03:08
ComboFix2.txt  2014-01-21 05:35
.
Pre-Run: 452,778,283,008 bytes free
Post-Run: 452,467,118,080 bytes free
.
- - End Of File - - 6D7BA955759C5BABFA712CE0F026999F
A36C5E4F47E84449FF07ED3517B43A31
 


also yes



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:30 PM

Posted 22 January 2014 - 01:07 AM

Do you still have the background ads?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#13 Drone424


Posted 22 January 2014 - 02:12 AM

No, not since the last set of instructions you gave me; however, my computer did crash once since then. Well, not crash, but it informed me that I was about to be logged off and then proceeded with doing so.


Edited by Drone424, 22 January 2014 - 02:12 AM.


#14 fireman4it


Posted 22 January 2014 - 10:54 AM

 

> No, not since the last set of instructions you gave me; however, my computer did crash once since then. Well, not crash, but it informed me that I was about to be logged off and then proceeded with doing so.

This could have been the computer updating.

 

 

1. Download AdwCleaner

  • Double-click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: right-click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

 

 

2. Download RogueKiller on the desktop

  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"



#15 Drone424


Posted 22 January 2014 - 04:24 PM

Here's the AdwCleaner log:
# AdwCleaner v3.017 - Report created 22/01/2014 at 13:15:57
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : Charles - CHARLES-PC
# Running from : C:\Users\Charles\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Charles\AppData\Local\funmoods.crx
File Found : C:\Windows\System32\Tasks\Funmoods
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\Users\Charles\AppData\LocalLow\Funmoods
Folder Found C:\Users\Charles\AppData\Roaming\Funmoods

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Funmoods
Key Found : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Web Search
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Funmoods
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Found : HKLM\SOFTWARE\Classes\f
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Found : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photo-booth-for-windows-7_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_photo-booth-for-windows-7_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_Screensaver
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\9wrua2v4.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Charles\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8248 octets] - [22/01/2014 13:15:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8308 octets] ##########
 





