Many Issues

Solved
  1. AngelPiscean

    AngelPiscean New Member Bronze Member

    Joined:
    Apr 27, 2013
    Posts:
    11
    Likes Received:
    0

    I made a HijackThis and ComboFix log. Having issues with a lot of things. I don't know what to do anymore. I fixed one problem, but still have more. Please help. Thanks.
     
  2. AngelPiscean


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:53:57 PM, on 4/27/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16476)
    Boot mode: Normal

    Running processes:
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Users\Raven\AppData\Roaming\SearchProtect\bin\cltmng.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...M=2&UP=SP3B624F4A-B9B1-48C5-B232-039FB7159BCD
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5336&r=27360711m005l0434z195v47021855
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {b843a48a-b70f-45cd-a15a-6c2b30c2c11e} - C:\Users\Raven\AppData\LocalLow\FCTB000062781\Toolbar\Helper.dll
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Picasa - {138B4B0A-923A-4981-AE90-EE90FAC91CE0} - C:\Users\Raven\AppData\LocalLow\Picasa\IE\Picasa.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: FBDownloader - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Program Files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files (x86)\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Bho - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: AVG Rewards - {EE8BD456-055B-40ce-8A17-9B7D4600264D} - C:\Users\Raven\AppData\LocalLow\AVGRewards\AVGRewards.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe"
    O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [SearchProtect] C:\Users\Raven\AppData\Roaming\SearchProtect\bin\cltmng.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AVG Rewards - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - C:\Users\Raven\AppData\LocalLow\AVGRewards\AVGRewards.dll
    O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
    O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
    O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: Picasa Updater (PicasaUpdater) - Unknown owner - C:\Users\Raven\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PTUML290 Connection Manager Service (ptumlcmsvc) - Unknown owner - C:\Windows\system32\ptumlcmsvc64.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15145 bytes
     
  3. AngelPiscean


    ComboFix 13-04-27.04 - 04/27/2013 22:12:49.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1054 [GMT -4:00]
    Running from: c:\users\Downloads\ComboFix.exe
    AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Raven\AppData\Local\Temp\_MEI23682\_ctypes.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\_elementtree.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\_hashlib.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\_socket.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\_ssl.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\pyexpat.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\pysqlite2._sqlite.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\python27.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\pythoncom27.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\PyWinTypes27.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\select.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\unicodedata.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32api.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32com.shell.shell.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32crypt.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32event.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32file.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32inet.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32pdh.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32process.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32profile.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32security.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\win32ts.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\windows._cacheinvalidation.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._controls_.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._core_.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._gdi_.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._html2.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._misc_.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._windows_.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wx._wizard.pyd
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxbase294u_net_vc90.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxbase294u_vc90.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxmsw294u_adv_vc90.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxmsw294u_core_vc90.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxmsw294u_html_vc90.dll
    c:\users\Raven\AppData\Local\Temp\_MEI23682\wxmsw294u_webview_vc90.dll
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\windows\SysWow64\regsvr32.dll
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-28 02:23 . 2013-04-28 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-27 20:35 . 2013-04-27 21:01 -------- d-----w- c:\program files (x86)\MixiDJ_V37
    2013-04-27 20:34 . 2013-04-27 20:34 -------- d-----w- c:\program files (x86)\SearchProtect
    2013-04-27 20:33 . 2013-04-27 20:34 -------- d-----w- c:\users\Raven\AppData\Roaming\SearchProtect
    2013-04-27 20:30 . 2013-04-27 20:30 -------- d-----w- c:\users\Raven\AppData\Roaming\DefaultTab
    2013-04-27 20:11 . 2013-04-27 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-04-27 00:03 . 2013-04-27 00:03 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-04-26 23:26 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2013-04-26 23:26 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
    2013-04-26 23:26 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
    2013-04-26 23:26 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
    2013-04-26 23:26 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
    2013-04-26 23:26 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2013-04-26 23:26 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2013-04-26 23:26 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2013-04-26 23:26 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2013-04-26 23:16 . 2013-04-26 23:17 -------- dc----w- C:\738682997940a3f6112095df
    2013-04-26 23:16 . 2013-04-26 23:16 -------- dc----w- C:\2d616d5fae22187ef3eecc2a9f63
    2013-04-26 09:32 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D26F808D-DF0A-4086-B70D-CC5273C93E97}\mpengine.dll
    2013-04-26 09:32 . 2013-04-26 09:32 -------- dc----w- C:\b3e48f66f62e862ccae01c6e
    2013-04-26 05:20 . 2013-04-26 05:20 -------- d-----w- c:\programdata\GroupPolicy
    2013-04-26 05:16 . 2013-04-27 08:28 -------- d-----w- c:\windows\SysWow64\wbem\Performance
    2013-04-26 01:29 . 2012-07-11 21:09 64856 ----a-w- c:\windows\system32\klfphc.dll
    2013-04-26 01:28 . 2011-06-02 18:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
    2013-04-26 01:28 . 2011-06-02 18:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
    2013-04-26 01:27 . 2013-04-26 01:27 -------- d-----w- c:\windows\ELAMBKUP
    2013-04-26 01:27 . 2013-04-26 01:27 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
    2013-04-26 01:27 . 2013-04-28 02:25 -------- d-----w- c:\programdata\Kaspersky Lab
    2013-04-26 01:27 . 2013-04-26 01:27 -------- d-----w- c:\program files (x86)\Kaspersky Lab
    2013-04-26 01:27 . 2012-11-02 19:48 89944 ----a-w- c:\windows\system32\drivers\klflt.sys
    2013-04-26 01:27 . 2012-11-02 19:48 613720 ----a-w- c:\windows\system32\drivers\klif.sys
    2013-04-26 00:42 . 2013-04-26 00:42 -------- d-----w- c:\users\Raven\AppData\Local\Windows Live Writer
    2013-04-26 00:28 . 2013-04-26 00:28 0 -c--a-w- C:\regdll.bat
    2013-04-26 00:21 . 2013-04-26 00:21 0 ----a-w- c:\users\Raven\regdll.bat
    2013-04-25 19:41 . 2013-04-25 19:41 0 ----a-w- c:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD.tmp
    2013-04-25 19:38 . 2013-04-25 19:38 -------- d-----w- c:\users\Raven\AppData\Roaming\BullGuard
    2013-04-25 19:38 . 2013-04-25 19:41 -------- d-----w- c:\programdata\BullGuard
    2013-04-25 00:42 . 2013-04-27 20:31 -------- d-----w- c:\program files (x86)\Free Window Registry Repair
    2013-04-25 00:28 . 2013-04-25 00:28 -------- d-----w- c:\users\Raven\AppData\Roaming\DriverCure
    2013-04-25 00:28 . 2013-04-25 00:28 -------- d-----w- c:\users\Raven\AppData\Roaming\ParetoLogic
    2013-04-25 00:28 . 2013-04-25 01:35 -------- d-----w- c:\programdata\ParetoLogic
    2013-04-25 00:28 . 2013-04-25 00:28 -------- d-----w- c:\program files (x86)\ParetoLogic
    2013-04-24 22:37 . 2013-04-24 22:51 -------- d-----w- c:\program files\WiseFixer
    2013-04-24 15:20 . 2013-04-24 15:31 -------- d-----w- c:\program files\Registry Easy
    2013-04-18 02:53 . 2013-04-25 19:44 -------- d-----w- c:\programdata\PCPitstop
    2013-04-18 02:53 . 2013-04-25 19:50 -------- d-----w- c:\program files (x86)\PCPitstop
    2013-04-12 16:56 . 2013-04-12 16:56 -------- d-----w- c:\users\Raven\AppData\Roaming\AVG
    2013-04-12 16:55 . 2013-04-12 16:57 -------- d-----w- c:\programdata\AVG
    2013-04-12 16:54 . 2013-04-12 16:54 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-04-12 16:18 . 2013-04-12 16:18 -------- d-----w- c:\users\Raven\AppData\Local\MFAData
    2013-04-12 16:18 . 2013-04-25 03:23 -------- d-----w- c:\programdata\MFAData
    2013-04-12 16:10 . 2013-04-12 16:10 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2013-04-11 07:03 . 2013-02-22 06:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2013-04-11 07:03 . 2013-02-22 03:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-04-11 07:03 . 2013-02-22 07:04 182896 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-04-11 07:03 . 2013-02-22 06:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2013-04-11 07:03 . 2013-02-22 04:10 149616 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-04-11 07:03 . 2013-02-22 06:18 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-04-11 07:03 . 2013-02-22 06:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2013-04-11 07:03 . 2013-02-22 03:36 768512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-04-11 07:03 . 2013-02-22 03:34 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-04-10 23:47 . 2013-04-10 23:47 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-04-10 23:47 . 2013-04-10 23:47 -------- d-----r- c:\program files (x86)\Skype
    2013-04-10 07:24 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-04-10 07:04 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-04-10 07:04 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-04-10 07:04 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-04-10 07:04 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-04-10 07:04 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
    2013-04-10 07:04 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-04-10 05:29 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-27 00:06 . 2012-04-03 16:20 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-04-27 00:06 . 2011-09-15 18:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-04-27 00:02 . 2012-10-04 15:22 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-27 00:02 . 2011-12-09 23:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-04-11 14:22 . 2011-06-11 06:58 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
    2013-04-11 14:22 . 2011-06-11 06:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
    2013-04-11 07:07 . 2012-04-13 16:34 72702784 ----a-w- c:\windows\system32\MRT.exe
    2013-04-04 18:50 . 2011-07-08 21:22 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-03-21 23:17 . 2013-03-21 23:17 171008 ----a-w- c:\windows\SysWow64\rld.dll
    2013-03-12 05:10 . 2011-07-08 21:32 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-03-06 22:32 . 2012-10-24 01:35 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-02-12 05:45 . 2013-03-13 01:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 01:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 01:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 05:45 . 2013-03-13 01:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 04:48 . 2013-03-13 01:25 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 01:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-02-12 04:12 . 2013-03-26 01:16 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    .
     
  4. AngelPiscean


    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}"= "c:\users\Raven\AppData\LocalLow\FCTB000062781\Toolbar\Helper.dll" [2011-11-26 361984]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-12-09 1517368]
    .
    [HKEY_CLASSES_ROOT\clsid\{b843a48a-b70f-45cd-a15a-6c2b30c2c11e}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{E2A57EE8-6A26-499F-95F8-A96E5C3BE17E}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}]
    2013-04-26 01:40 2404920 ----a-w- c:\progra~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1BF}]
    2012-02-01 22:18 136192 ----a-w- c:\program files (x86)\HTTO Group, Ltd\FBDownloader IE Add-on\FBDownloader.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73A89C60-CF59-4EC7-9215-9B7EF05ECEA4}]
    2012-07-19 00:26 195448 ----a-w- c:\program files (x86)\Nuance\NaturallySpeaking12\Program\ieshim.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{215BA832-75A3-426E-A4FC-7C5B58CE6A10}"= "c:\progra~2\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll" [2013-04-26 2404920]
    .
    [HKEY_CLASSES_ROOT\clsid\{215ba832-75a3-426e-a4fc-7c5b58ce6a10}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2012-12-20 22:20 459784 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
    "SearchProtect"="c:\users\Raven\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2012-12-20 356968]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "EzPrint"="c:\program files (x86) (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
    "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
    "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-04-11 2730784]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking12\Ereg.ini"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\DRIVERS\PTUMLBUS.sys [2011-05-12 73744]
    R3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\DRIVERS\PTUMLCVsp.sys [2011-05-12 182672]
    R3 PTUMLMdm;PANTECH UML290;c:\windows\system32\DRIVERS\PTUMLMdm.sys [2011-05-12 182672]
    R3 PTUMLNET61;PANTECH UML290 WWAN (NDIS6.1);c:\windows\system32\DRIVERS\PTUMLNET61.sys [2011-05-12 104976]
    R3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\DRIVERS\PTUMLNVsp.sys [2011-05-12 183824]
    R3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\DRIVERS\PTUMLRMNET.sys [2011-05-12 69136]
    R3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMLVsp.sys [2011-05-12 182672]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-14 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 84536]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 66616]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-10-18 54104]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
    S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]
    S2 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2012-12-21 819040]
    S2 DragonSvc:Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2012-07-19 310232]
    S2 DsiWMIService:Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
    S2 PicasaUpdater;Picasa Updater;c:\users\Raven\AppData\LocalLow\Picasa\IE\PicasaUpdater.exe [2011-09-02 18432]
    S2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc64.exe [2011-05-12 134144]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-03 29016]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-03 29528]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 00:06]
    .
    2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 02:45]
    .
    2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 02:45]
    .
     
  5. AngelPiscean


    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-03-07 20:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2012-12-20 22:22 492040 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2011-07-08 206208]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]
    "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN33752608142678411&UM=2&UP=SP3B624F4A-B9B1-48C5-B232-039FB7159BCD
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5336&r=27360711m005l0434z195v47021855
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
    IE: {{6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - c:\users\Raven\AppData\LocalLow\AVGRewards\AVGRewards.dll
    TCP: DhcpNameServer = 204.111.1.195 204.111.1.194
    FF - ProfilePath - c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\ofbsu7jc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN43175935316884268&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MixiDJ V37 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN43175935316884268&UM=2&UP=SP3B624F4A-B9B1-48C5-B232-039FB7159BCD
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN43175935316884268&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2013-04-25 21:27; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF - ExtSQL: 2013-04-25 21:27; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-04-25 21:27; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
    FF - ExtSQL: 2013-04-25 21:28; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-04-25 21:28; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    FF - ExtSQL: 2013-04-25 22:41; {d37dc5d0-431d-44e5-8c91-49419370caa1}; c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\ofbsu7jc.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
    FF - ExtSQL: 2013-04-27 16:33; {eef3855c-fc2d-41e6-8d91-d368f51b3055}; c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\ofbsu7jc.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}
    FF - ExtSQL: 2013-04-27 16:33; addon@defaulttab.com; c:\users\Raven\AppData\Roaming\Mozilla\Firefox\Profiles\ofbsu7jc.default\extensions\addon@defaulttab.com.xpi
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=109937&tt=100512_3_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 422633b3000000000000ce46195d8ee9
    FF - user.js: extensions.BabylonToolbar_i.hardId - 422633b3000000000000ce46195d8ee9
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:50
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0C0EyEyCtCzyyD0Dzz0E0EzytAtA0BtAtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775320138
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0C0EyEyCtCzyyD0Dzz0E0EzytAtA0BtAtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775320138
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0C0EyEyCtCzyyD0Dzz0E0EzytAtA0BtAtN0D0Tzu0CtBtBtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775320138&q=
    FF - user.js: extensions.funmoods.id - CE46195D8EE933B3
    FF - user.js: extensions.funmoods.instlDay - 15560
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2211:43
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - adknlg
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - adknlg
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - (no file)
    URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    SafeBoot-BsScanner
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    WebBrowser-{25515A79-C1C7-4B97-97F8-31A711694487} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-DefaultTab - c:\users\Raven\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-27 22:34:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-28 02:34
    .
    Pre-Run: 56,116,363,264 bytes free
    Post-Run: 55,598,034,944 bytes free
    .
    - - End Of File - - DD539D1CC6A41AEDF5F2B4EA2CEBEEB9
     
  6. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Local time:
    14:20

    First, just a warning that you should never run ComboFix unsupervised. It is a powerful program and, if wrongly used, can reduce your computer to the status of a useless piece of junk. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a skilled helper.

    Please make sure you carry out all the instructions posted here.
    http://www.pchelpforum.com/xf/threads/prework-please-read-before-posting.131846/
     
  7. AngelPiscean


    Here is the OTL. Thank you
     


  8. AngelPiscean


    aswMBR. Thank you again.
     


  9. Pancake


    To uninstall the Funmoods program from your computer, click the Start button, then select Control Panel, and if you are using Windows Vista, Windows 7 or Windows 8, click on Uninstall a program (Add or Remove Programs for Windows XP).
    Select Funmoods and then click Uninstall (Remove for Windows XP).
    The Funmoods uninstaller will start and then you'll just need to follow the on-screen instructions.
    Also look in Uninstall a Program and remove Babylon.

    =========================


    Please download Malwarebytes Anti-Malware from Malwarebytes.org
    Alternate link: Download Mirror

    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

    Double Click mbam-setup.exe to install the application.

    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Full Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    Please save the log to a location you will remember.
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Copy and paste the entire report in your next reply.
    If Malwarebytes fails to download please use the following link:

    http://malwarebytes.org/mbam-download-exe-random.php
     
  10. AngelPiscean


    I uninstalled those programs a while ago. Should I go into regedit and get rid of them that way? My Malware says I have no malware now, but I have 17 in Quarantine. My bf is overseas and it's getting really annoying not to be able to IM or send photos to him. Here is the newest log. Thank you so much.
     


  11. Pancake


    OK. This is not looking like a malware issue, more one of configuration. I suggest you open a new thread and list all your problems there. I'm sure they will assist.

    You can now uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
     
  12. AngelPiscean


    Ok thanks.
     