Bearshare removal help, one for Starbuck ?

[I4n]

Hi all, I have been away since an enforced absence due to my laptop being stolen, anyway I now have a nice new Asus K525F with 64 bit Windows 7. All was fine until one of my lads decided to treat me to a little MP3 player and decided to load it up with a load of tracks which he knew I liked, trouble is he used my laptop and put Bearshare on it. I probably don't need to tell you how blo*dy awful this thing is, tried all sorts of removal methods as mentioned on the web, most of which involve removing a couple of DLL files which I am told I don't have access to and also involve a whole list of Registry entries to remove, none of which show up when I search my registry.

I ran a forum search for Bearshare and found that Starbuck had used OTL to analise which seems like a good starting point for me also, if that is the best option for me.

[I4n]

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

OTL Extras logfile created on: 1/12/2012 5:38:20 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ian\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.79 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 47.29% Memory free

7.58 Gb Paging File | 5.30 Gb Available in Paging File | 69.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.24 Gb Total Space | 83.83 Gb Free Space | 70.31% Space Free | Partition Type: NTFS

Drive D: | 153.85 Gb Total Space | 153.57 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

 

Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources

"{0F696557-180C-4813-A754-5D43969B0691}" = Windows Live Family Safety

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{169C77B7-69C9-4648-9DD0-72B152AF269F}" = Windows Live Family Safety

"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources

"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources

"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel® PROSet/Wireless WiFi Software

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7734509D-A1F7-4A5E-AF9D-77CD17AE41AF}" = Windows Live Family Safety

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{9210D7A2-DC28-43F6-92F9-E6CD4C729F7B}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources

"{B22C8566-D522-4B40-A7AF-525F5A70D832}" = Windows Live Family Safety

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{CB7935EF-43EE-4C0F-AC02-B0E4DD5DAC17}" = Windows Live Family Safety

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"ProInst" = Intel PROSet Wireless

"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live

"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common

"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{34F98478-05CB-4A3A-B6F4-DA529ED8FA57}" = Intel® Wireless Display

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer

"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger

"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker

"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh

"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources

"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail

"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common

"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live

"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений

"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker

"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live

"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer

"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources

"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις

"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager

"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"avast" = avast! Free Antivirus

"Bookworm Deluxe" = Bookworm Deluxe

"Cooking Dash" = Cooking Dash

"Google Chrome" = Google Chrome

"Governor of Poker" = Governor of Poker

"Hotel Dash Suite Success" = Hotel Dash Suite Success

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"Jewel Quest 3" = Jewel Quest 3

"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN

"Luxor 3" = Luxor 3

"Mahjongg dimensions" = Mahjongg dimensions

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Picasa 3" = Picasa 3

"Plants vs Zombies" = Plants vs Zombies

"WinLiveSuite" = Windows Live Essentials

"World of Goo" = World of Goo

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/1/2011 9:48:51 AM | Computer Name = Ian-PC | Source = ESENT | ID = 455

Description = Windows (4488) Windows: Error -1811 occurred while opening logfile

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00008.log.

 

Error - 12/1/2011 9:48:52 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 9000

Description =

 

Error - 12/1/2011 9:48:52 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 7040

Description =

 

Error - 12/1/2011 9:48:52 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 7042

Description =

 

Error - 12/1/2011 9:48:52 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 9002

Description =

 

Error - 12/1/2011 9:48:52 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 3029

Description =

 

Error - 12/1/2011 9:48:53 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 3029

Description =

 

Error - 12/1/2011 9:48:53 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 3028

Description =

 

Error - 12/1/2011 9:48:53 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 3058

Description =

 

Error - 12/1/2011 9:48:53 AM | Computer Name = Ian-PC | Source = Windows Search Service | ID = 7010

Description =

 

[ System Events ]

Error - 12/12/2011 10:12:36 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

 

Error - 12/12/2011 10:12:53 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Search service to connect.

 

Error - 12/12/2011 10:12:53 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

 

Error - 12/12/2011 10:12:53 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

Search service to connect.

 

Error - 12/12/2011 10:12:53 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

%%1053

 

Error - 12/12/2011 10:18:16 AM | Computer Name = Ian-PC | Source = Microsoft-Windows-Time-Service | ID = 34

Description = The time service has detected that the system time needs to be changed

by -86503 seconds. The time service will not change the system time by more than

54000 seconds. Verify that your time and time zone are correct, and that the time

source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.250.85:123) is working

properly.

 

Error - 12/18/2011 7:02:36 AM | Computer Name = Ian-PC | Source = Microsoft-Windows-Time-Service | ID = 34

Description = The time service has detected that the system time needs to be changed

by -86506 seconds. The time service will not change the system time by more than

54000 seconds. Verify that your time and time zone are correct, and that the time

source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.21:123) is working

properly.

 

Error - 12/18/2011 8:10:23 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7023

Description = The Server service terminated with the following error: %%1062

 

Error - 12/21/2011 2:52:51 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7024

Description = The Windows Search service terminated with service-specific error

%%-1073473535.

 

Error - 12/21/2011 2:52:51 AM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Search service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 30000 milliseconds:

Restart the service.

 

 

< End of report >

Here is the OTL results.

Edited January 12, 2012 by I4n

[Starbuck]

Hi I4n

 

You forgot the most important part.... the main OTL report.

 

It will be saved here:

C:\Users\Ian\Downloads

 

Should have been saved to the Desktop, but we can work around that.

Please post the main OTL report and then i can take a look for you.

 

Thanks

[I4n]

Hi Starbuck, the only report in Downloads is the Extras report which I have already posted ?

[Starbuck]

Ok, let's get a fresh scan then.......

 

Double click on OTL to run it.

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  .
  
• Click the Run Scan button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runscan.png
   
  
• The scan wont take long.
  
• When the scan completes, it will open a notepad window. With the OTL.Txt This will be saved in the same location as OTL.
  
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

[I4n]

Hear we go................

 

OTL logfile created on: 1/13/2012 4:49:03 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ian\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

3.79 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.57% Memory free

7.58 Gb Paging File | 5.48 Gb Available in Paging File | 72.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 119.24 Gb Total Space | 84.45 Gb Free Space | 70.83% Space Free | Partition Type: NTFS

Drive D: | 153.85 Gb Total Space | 153.57 Gb Free Space | 99.82% Space Free | Partition Type: NTFS

 

Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Ian\Downloads\OTL (1).exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Windows\AsScrPro.exe (ASUS)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)

PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avformat-53.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()

MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()

MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()

MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)

SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)

SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)

DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

 

 

 

========== Chrome ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=2&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google Search = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: avast! WebRep = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

CHR - Extension: AOL Mail = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\phgdojkomekmnemlclopfjlmbamhnafp\1.0.2.0_0\

CHR - Extension: Gmail = C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96D32B07-BB66-4DA8-BC8C-F09D5A8600CF}: DhcpNameServer = 192.168.1.1 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)

MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/12 17:52:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/01/12 14:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/01/12 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\TestApp

[2012/01/12 12:54:26 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/01/12 12:54:26 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/01/12 12:54:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/01/12 12:54:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012/01/12 12:54:03 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012/01/12 12:54:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012/01/12 12:54:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012/01/11 19:22:20 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\MusicNet

[2012/01/11 19:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\1465

[2012/01/11 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\My Received Files

[2012/01/11 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications

[2012/01/11 19:21:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\PackageAware

[2012/01/11 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SigmaTel

[2012/01/11 12:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/01/02 17:45:14 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Skype

[2012/01/02 17:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skype

[2012/01/02 17:44:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2011/12/21 07:39:01 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\SUPERAntiSpyware.com

[2011/12/21 07:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011/12/21 07:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/12/21 07:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2011/12/21 07:02:43 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Malwarebytes

[2011/12/21 07:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/21 07:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/21 07:02:32 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/21 07:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/12/20 17:22:05 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2011/12/20 17:22:05 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2011/12/20 17:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2011/12/20 17:22:04 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2011/12/20 17:22:04 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2011/12/20 17:22:04 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys

[2011/12/20 17:22:03 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2011/12/20 17:22:03 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2011/12/20 17:21:46 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2011/12/20 17:21:46 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2011/12/20 17:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2011/12/20 17:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2011/12/14 20:54:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011/12/14 20:54:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011/12/14 20:53:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/12/14 20:53:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011/12/14 20:53:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011/12/14 20:53:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/12/14 20:53:58 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011/12/14 20:53:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011/12/14 20:53:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011/12/14 20:53:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/12/14 20:53:57 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/12/14 20:53:01 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2011/12/14 20:53:01 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2011/12/14 20:53:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2011/12/14 19:45:59 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2008/08/12 04:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/13 16:52:12 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/13 16:47:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 16:47:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 16:40:59 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/13 16:39:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/01/13 16:39:41 | 3054,792,704 | -HS- | M] () -- C:\hiberfil.sys

[2012/01/12 23:15:54 | 000,748,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/01/12 23:15:54 | 000,627,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/01/12 23:15:54 | 000,110,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/01/12 13:58:40 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/01/11 17:50:08 | 000,437,000 | ---- | M] () -- C:\Users\Ian\Documents\Napa MP3 Player.pdf

[2012/01/08 20:04:57 | 000,004,489 | ---- | M] () -- C:\Users\Ian\Documents\Phone Numbers.odt

[2011/12/22 18:20:15 | 000,001,948 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini

[2011/12/22 18:20:10 | 000,001,181 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2011/12/21 07:38:20 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/21 07:02:37 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/20 17:22:05 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/12/20 17:22:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2011/12/20 17:17:27 | 003,422,690 | ---- | M] () -- C:\Users\Ian\Documents\T-MOBILE ZEST (E110) USER MANUAL.PDF

[2011/12/14 20:58:11 | 000,275,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/12/14 19:45:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

 

========== Files Created - No Company Name ==========

 

[2012/01/11 17:50:03 | 000,437,000 | ---- | C] () -- C:\Users\Ian\Documents\Napa MP3 Player.pdf

[2011/12/21 07:38:20 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011/12/21 07:02:37 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/12/20 17:22:05 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2011/12/20 17:22:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2011/12/20 17:17:26 | 003,422,690 | ---- | C] () -- C:\Users\Ian\Documents\T-MOBILE ZEST (E110) USER MANUAL.PDF

[2011/11/29 16:10:49 | 000,750,814 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/11/20 14:31:10 | 000,003,584 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/17 22:28:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/04/13 02:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2011/01/12 11:02:34 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2009/07/29 05:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini

[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/04/08 17:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2009/02/26 06:50:32 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config

[2008/05/22 15:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

 

========== LOP Check ==========

 

[2011/11/17 21:07:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\ASUS WebStorage

[2012/01/11 19:22:20 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\MusicNet

[2011/11/17 22:11:10 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Nuance

[2011/12/01 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Research In Motion

[2012/01/12 12:41:52 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SoftGrid Client

[2012/01/12 14:00:31 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\TestApp

[2011/11/29 16:11:26 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\TP

[2011/11/17 22:11:08 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Zeon

[2011/12/12 14:10:24 | 000,016,336 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2009/07/14 01:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009/07/29 06:03:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2011/07/26 22:38:53 | 000,014,766 | ---- | M] () -- C:\devlist.txt

[2011/11/17 18:27:00 | 000,000,010 | ---- | M] () -- C:\dpi.txt

[2011/07/26 07:38:53 | 000,000,009 | ---- | M] () -- C:\Finish.log

[2012/01/13 16:39:41 | 3054,792,704 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/01 17:50:26 | 002,097,152 | -H-- | M] () -- C:\K52F.BIN

[2011/01/12 11:03:58 | 000,000,019 | ---- | M] () -- C:\K52F_K62F_WIN7.100

[2010/05/06 10:56:34 | 002,097,152 | -H-- | M] () -- C:\K62F.BIN

[2012/01/13 16:39:45 | 4073,058,304 | -HS- | M] () -- C:\pagefile.sys

[2011/07/26 08:40:09 | 000,000,303 | ---- | M] () -- C:\Pass.txt

[2011/01/12 11:03:58 | 000,000,012 | ---- | M] () -- C:\RECOVERY.DAT

[2011/07/26 22:25:35 | 000,000,090 | ---- | M] () -- C:\setup.log

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/03/28 16:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/03/28 16:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/03/28 16:27:18 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/03/28 16:27:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/03/28 16:27:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/12/07 11:16:29 | 001,047,096 | ---- | M] (Google Inc.)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/03/28 16:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/03/28 16:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/03/28 16:27:18 | 000,089,088 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/03/28 16:27:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/03/28 16:27:18 | 000,748,336 | ---- | M] (Microsoft Corporation)

 

 

< End of report >

[Starbuck]

Hi I4n

 

Sorry for the delay in response to your thread, I've been ill for the last few days.

 

There's not much reference to Bearshare in your reports, but we'll remove what's showing.

Also you are running than out of date version of MBAM.

Let's get that updated.

The new version can scan for P2P programs and remove what it finds.

 

Step 1

Please update MBAM and run another scan:

Start MBAM

Click on the Update tab

 

http://img.photobucket.com/albums/v708/starbuck50/new/mbamnew.png

 

Click Check for Updates

 

The latest Database Version is: v2012.01.15.04

 

If it says that MBAM needs to close to update it... let it close and then restart.

Then click the 'Check for updates' again.

 

Now:

Click the Settings tab, then select Scanner Settings.

At the bottom change the Actions for P2P software to:

Show in results list and check for removal.

 

Then click the Scanner tab.

Then click the Scan button.

 

Don't forget:

• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  
• Click OK to close the message box and continue with the removal process.
  
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

 

Step 2

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/01/11 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

• Return to OTL,
  
• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
   
  
• Click the red Run Fix button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
   
  
• OTL will reboot your system once the fix has completed.
  
• After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

In your next reply, please submit:

MBAM scan report

and the OTL fix report

 

 

Thanks.

[I4n]

Test post problems posting now

[I4n]

4th reply attempt, here goes...........

 

Sorry to hear you where unwell Starbuck, hope your feeling better now.

 

I ran Mbam last week when I 1st got the problem, it showed no problems but I did not know about the p2p selection. Anyway when I tried to run it just now i got this error "Run-time error '5'; invalid procedure call or argument "

 

I then tried to uninstall/re-install but get this error " Runtime error (at-1:0:) cannot import dll:C:Program Files (x86) Malwarebytes' anti-malware\mbam.dll. "

 

I have had real problems posting this as each time I try to post I either get the forum message telling me I am not logged in or I get a "Confirm Navigation changes made in the editor will be lost . Are you sure you want to leave this page ? (Leave this page) (Stay on this page) . Lost the post using either option. What a crock of cr*p this Bearshre is !!!:(

[I4n]

now i'm getting emoticons wher I dont want them !

[RandyL]

at-1:0:) cannot import

 

Sometimes the forum software will parse some things like that as html code giving a smiley.

 

As for posting issues I can't find any problems here.

[I4n]

The posting problem seems to have cleared up at the present but as post #9 mentioned, 4th attempt, if it had not worked that time I was gonna hijack the wifes PC to get a post in !!!!

 

Just waiting for a little of that Starbuck magic !!!! :p

[Starbuck]

Hi I4n

 

Sorry to hear you where unwell Starbuck, hope your feeling better now.

A lot better thanks.

 

Did you run the OTL fix?

If so, please post the report.

 

Let's check a little deeper, seeing that you are still having problems:

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
  For more information read:
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
   
  Then:
   
  Double click on Combo-Fix.exe & follow the prompts.
   
  Vista/Win7 users should right click on the icon and select Run as Administrator.
   
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   
  If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
   
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

Thanks

[I4n]

Hi Starbuck, glad your O.K.

 

I just ran the OTL fix but the homepage is still being hijacked by bearshare search. I will post the Otl log here and then a little later this afternoon I will run the ComboFix routine.

Thanks for the help so far.

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Program Files (x86)\BearShare Applications folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Ian\Downloads\cmd.bat deleted successfully.

C:\Users\Ian\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Ian

->Temp folder emptied: 132 bytes

->Temporary Internet Files folder emptied: 331827 bytes

->Google Chrome cache emptied: 49739099 bytes

->Flash cache emptied: 1788 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 14257 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes

RecycleBin emptied: 1129 bytes

 

Total Files Cleaned = 48.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01172012_130141

 

 

Files\Folders moved on Reboot...

C:\Users\Ian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

 

Registry entries deleted on Reboot...

[I4n]

Hi Starbuck, I just ran ComboFix, I didn't have to save or rename etc, it just auto ran once I O.Ked with the UAC box.

 

ComboFix log here

 

 

ComboFix 12-01-17.01 - Ian 17/01/2012 15:53:30.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3884.2095 [GMT 0:00]

Running from: c:\users\Ian\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\program files (x86)\Common Files\ASPG_icon.ico

c:\programdata\FullRemove.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-12-17 to 2012-01-17 )))))))))))))))))))))))))))))))

.

.

2012-01-17 15:58 . 2012-01-17 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-17 15:04 . 2012-01-17 15:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E28047B-83C7-4130-82A7-5E97B8EC6D05}\offreg.dll

2012-01-17 15:04 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E28047B-83C7-4130-82A7-5E97B8EC6D05}\mpengine.dll

2012-01-12 17:52 . 2012-01-12 17:52 -------- d-----w- C:\_OTL

2012-01-12 14:00 . 2012-01-12 14:00 -------- d-----w- c:\programdata\PC Tools

2012-01-12 14:00 . 2012-01-12 14:00 -------- d-----w- c:\users\Ian\AppData\Roaming\TestApp

2012-01-12 12:54 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 12:54 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 12:54 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 12:54 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 12:54 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 12:54 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 12:54 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 12:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 19:22 . 2012-01-11 19:22 -------- d-----w- c:\users\Ian\AppData\Roaming\MusicNet

2012-01-11 19:22 . 2012-01-11 19:22 -------- d-----w- c:\programdata\1465

2012-01-11 19:21 . 2012-01-11 19:21 -------- d-----w- c:\users\Ian\AppData\Local\PackageAware

2012-01-11 17:52 . 2012-01-11 17:52 -------- d-----w- c:\program files (x86)\SigmaTel

2012-01-11 12:23 . 2012-01-11 12:23 -------- d-----w- c:\programdata\boost_interprocess

2012-01-02 17:45 . 2012-01-12 12:42 -------- d-----w- c:\users\Ian\AppData\Roaming\Skype

2012-01-02 17:45 . 2012-01-12 12:42 -------- d-----w- c:\program files (x86)\Skype

2012-01-02 17:44 . 2012-01-12 12:42 -------- d-----w- c:\programdata\Skype

2011-12-21 07:39 . 2011-12-21 07:39 -------- d-----w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com

2011-12-21 07:38 . 2011-12-21 07:39 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-21 07:38 . 2011-12-21 07:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-21 07:14 . 2011-11-15 14:29 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-12-21 07:02 . 2011-12-21 07:02 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes

2011-12-21 07:02 . 2011-12-21 07:02 -------- d-----w- c:\programdata\Malwarebytes

2011-12-21 07:02 . 2012-01-12 12:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-21 07:02 . 2011-08-31 17:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-20 17:22 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-20 17:22 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-20 17:22 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-20 17:22 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-20 17:22 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-20 17:22 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-20 17:22 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-20 17:21 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-20 17:21 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-20 17:21 . 2011-12-20 17:21 -------- d-----w- c:\programdata\AVAST Software

2011-12-20 17:21 . 2011-12-20 17:21 -------- d-----w- c:\program files\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 19:45 . 2011-12-14 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-01 13:58 . 2011-12-01 13:58 53248 ----a-r- c:\users\Ian\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2011-11-24 04:52 . 2011-12-14 20:53 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 16:30 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-05 05:32 . 2011-12-14 20:53 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-14 20:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-14 20:53 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-14 20:53 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-14 20:53 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-14 20:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-14 20:53 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-14 20:53 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-14 20:53 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-14 20:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 20:53 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-21 17:41 . 2011-10-21 17:41 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-10-21 17:41 . 2011-10-21 17:41 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-10-21 17:41 . 2011-10-21 17:41 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-10-21 17:41 . 2011-10-21 17:41 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-10-21 17:41 . 2011-10-21 17:41 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-10-21 17:41 . 2011-10-21 17:41 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-10-21 17:41 . 2011-10-21 17:41 184600 ----a-w- c:\windows\system32\difx64.exe

2011-10-21 17:36 . 2011-10-21 17:36 90112 ----a-w- c:\windows\system32\igfxCoIn_v2559.dll

2011-10-21 17:30 . 2011-10-21 17:30 8313856 ----a-w- c:\windows\system32\igdumd64.dll

2011-10-21 17:30 . 2011-10-21 17:30 12310112 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-10-21 17:25 . 2011-01-12 11:02 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-10-21 17:21 . 2011-01-12 11:02 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-10-21 17:19 . 2011-01-12 11:02 14592512 ----a-w- c:\windows\system32\igd10umd64.dll

2011-10-21 17:13 . 2011-10-21 17:13 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-10-21 17:08 . 2011-10-21 17:08 18651648 ----a-w- c:\windows\system32\ig4icd64.dll

2011-10-21 17:03 . 2011-10-21 17:03 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-10-21 16:59 . 2011-10-21 16:59 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-10-21 16:59 . 2011-10-21 16:59 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-10-21 16:59 . 2011-10-21 16:59 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-10-21 16:59 . 2011-10-21 16:59 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-10-21 16:58 . 2011-10-21 16:58 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-10-21 16:58 . 2011-10-21 16:58 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-10-21 16:58 . 2011-10-21 16:58 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-10-21 16:58 . 2011-10-21 16:58 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-10-21 16:58 . 2011-10-21 16:58 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-10-21 16:58 . 2011-10-21 16:58 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-10-21 16:58 . 2011-10-21 16:58 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-10-21 16:58 . 2011-10-21 16:58 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-10-21 16:58 . 2011-10-21 16:58 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-10-21 16:58 . 2011-10-21 16:58 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-10-21 16:57 . 2011-01-12 11:02 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-10-21 16:57 . 2011-01-12 11:02 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-10-21 16:57 . 2011-10-21 16:57 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-10-21 16:57 . 2011-10-21 16:57 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-10-21 16:57 . 2011-10-21 16:57 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-10-21 16:56 . 2011-10-21 16:56 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-10-21 16:56 . 2011-10-21 16:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-10-21 16:56 . 2011-01-12 11:02 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-10-21 16:52 . 2011-10-21 16:52 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-10-21 16:52 . 2011-10-21 16:52 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-10-21 16:50 . 2011-10-21 16:50 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll

2011-10-21 16:50 . 2011-10-21 16:50 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-10-21 16:50 . 2011-10-21 16:50 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2011-10-21 16:50 . 2011-10-21 16:50 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-26 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-7-26 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-17 16:00:53

ComboFix-quarantined-files.txt 2012-01-17 16:00

.

Pre-Run: 89,887,817,728 bytes free

Post-Run: 89,613,586,432 bytes free

.

- - End Of File - - 3F0703FCDAC4A0C109B2D0F698E2AA91

[Starbuck]

Hi I4n

 

the homepage is still being hijacked by bearshare search.

Which browser is this?

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=2&sr=0&q={searchTerm s}

:commands
[emptytemp]

• Return to OTL,
  
• right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
   
  http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
   
  
• Click the red Run Fix button.
   
  http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
   
  
• OTL will reboot your system once the fix has completed.
  
• After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

if you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

 

Step 2

Close any open browsers.

Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

 

Open Notepad - it must be Notepad, not Wordpad.

Copy the text below in the code box by highlighting all the text and pressing Ctrl+C

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Go to the Notepad window and click Edit >> Paste

Then click File >> Save

Name the file "CFScript.txt" (including the quotes)

Save the file to your Desktop

 

The main ComboFix.exe program should be on your Desktop

Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon

as below.

http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif

 

Now please wait for ComboFix to finish running.

 

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

 

 

In your next reply, please submit:

Otl fix report

Combofix.txt

 

 

Thanks.

[I4n]

Hi Starbuck,

My usual browser/frontpage is Chrome.

 

Logs here

All processes killed

========== OTL ==========

Unable to fix default_search_provider items.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Ian

->Temp folder emptied: 24235 bytes

->Temporary Internet Files folder emptied: 33488 bytes

->Google Chrome cache emptied: 7058067 bytes

->Flash cache emptied: 467 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 7.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 01182012_201949

 

 

Files\Folders moved on Reboot...

C:\Users\Ian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

 

 

Registry entries deleted on Reboot...

 

 

ComboFix 12-01-17.01 - Ian 18/01/2012 20:01:51.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3884.2360 [GMT 0:00]

Running from: c:\users\Ian\Downloads\ComboFix.exe

Command switches used :: c:\users\Ian\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-12-18 to 2012-01-18 )))))))))))))))))))))))))))))))

.

.

2012-01-18 20:06 . 2012-01-18 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-18 19:32 . 2012-01-18 19:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E28047B-83C7-4130-82A7-5E97B8EC6D05}\offreg.dll

2012-01-17 15:04 . 2011-11-30 02:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3E28047B-83C7-4130-82A7-5E97B8EC6D05}\mpengine.dll

2012-01-12 17:52 . 2012-01-12 17:52 -------- d-----w- C:\_OTL

2012-01-12 14:00 . 2012-01-12 14:00 -------- d-----w- c:\programdata\PC Tools

2012-01-12 14:00 . 2012-01-12 14:00 -------- d-----w- c:\users\Ian\AppData\Roaming\TestApp

2012-01-12 12:54 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-12 12:54 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-12 12:54 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-12 12:54 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-12 12:54 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-12 12:54 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-12 12:54 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-12 12:54 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 19:22 . 2012-01-11 19:22 -------- d-----w- c:\users\Ian\AppData\Roaming\MusicNet

2012-01-11 19:22 . 2012-01-11 19:22 -------- d-----w- c:\programdata\1465

2012-01-11 19:21 . 2012-01-11 19:21 -------- d-----w- c:\users\Ian\AppData\Local\PackageAware

2012-01-11 17:52 . 2012-01-11 17:52 -------- d-----w- c:\program files (x86)\SigmaTel

2012-01-11 12:23 . 2012-01-11 12:23 -------- d-----w- c:\programdata\boost_interprocess

2012-01-02 17:45 . 2012-01-12 12:42 -------- d-----w- c:\users\Ian\AppData\Roaming\Skype

2012-01-02 17:45 . 2012-01-12 12:42 -------- d-----w- c:\program files (x86)\Skype

2012-01-02 17:44 . 2012-01-12 12:42 -------- d-----w- c:\programdata\Skype

2011-12-21 07:39 . 2011-12-21 07:39 -------- d-----w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com

2011-12-21 07:38 . 2011-12-21 07:39 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-12-21 07:38 . 2011-12-21 07:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-12-21 07:14 . 2011-11-15 14:29 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-12-21 07:02 . 2011-12-21 07:02 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes

2011-12-21 07:02 . 2011-12-21 07:02 -------- d-----w- c:\programdata\Malwarebytes

2011-12-21 07:02 . 2012-01-12 12:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-21 07:02 . 2011-08-31 17:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-20 17:22 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-12-20 17:22 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-12-20 17:22 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-12-20 17:22 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-12-20 17:22 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-12-20 17:22 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-12-20 17:22 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-12-20 17:21 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2011-12-20 17:21 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-12-20 17:21 . 2011-12-20 17:21 -------- d-----w- c:\programdata\AVAST Software

2011-12-20 17:21 . 2011-12-20 17:21 -------- d-----w- c:\program files\AVAST Software

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 19:45 . 2011-12-14 19:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-01 13:58 . 2011-12-01 13:58 53248 ----a-r- c:\users\Ian\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2011-11-24 04:52 . 2011-12-14 20:53 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 16:30 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-11-05 05:32 . 2011-12-14 20:53 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-14 20:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-04 01:53 . 2011-12-14 20:53 2309120 ----a-w- c:\windows\system32\jscript9.dll

2011-11-04 01:44 . 2011-12-14 20:53 1390080 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 01:44 . 2011-12-14 20:53 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 01:34 . 2011-12-14 20:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-03 22:47 . 2011-12-14 20:53 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-11-03 22:40 . 2011-12-14 20:53 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-11-03 22:39 . 2011-12-14 20:53 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-03 22:31 . 2011-12-14 20:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 20:53 43520 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-21 17:41 . 2011-10-21 17:41 510232 ----a-w- c:\windows\system32\igfxsrvc.exe

2011-10-21 17:41 . 2011-10-21 17:41 167704 ----a-w- c:\windows\system32\igfxtray.exe

2011-10-21 17:41 . 2011-10-21 17:41 416024 ----a-w- c:\windows\system32\igfxpers.exe

2011-10-21 17:41 . 2011-10-21 17:41 239896 ----a-w- c:\windows\system32\igfxext.exe

2011-10-21 17:41 . 2011-10-21 17:41 392472 ----a-w- c:\windows\system32\hkcmd.exe

2011-10-21 17:41 . 2011-10-21 17:41 4378392 ----a-w- c:\windows\system32\GfxUI.exe

2011-10-21 17:41 . 2011-10-21 17:41 184600 ----a-w- c:\windows\system32\difx64.exe

2011-10-21 17:36 . 2011-10-21 17:36 90112 ----a-w- c:\windows\system32\igfxCoIn_v2559.dll

2011-10-21 17:30 . 2011-10-21 17:30 8313856 ----a-w- c:\windows\system32\igdumd64.dll

2011-10-21 17:30 . 2011-10-21 17:30 12310112 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2011-10-21 17:25 . 2011-01-12 11:02 6323712 ----a-w- c:\windows\SysWow64\igdumd32.dll

2011-10-21 17:21 . 2011-01-12 11:02 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll

2011-10-21 17:19 . 2011-01-12 11:02 14592512 ----a-w- c:\windows\system32\igd10umd64.dll

2011-10-21 17:13 . 2011-10-21 17:13 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2011-10-21 17:08 . 2011-10-21 17:08 18651648 ----a-w- c:\windows\system32\ig4icd64.dll

2011-10-21 17:03 . 2011-10-21 17:03 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrrom.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrsky.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrslv.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrsve.lrc

2011-10-21 16:59 . 2011-10-21 16:59 285696 ----a-w- c:\windows\system32\igfxrtha.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxresn.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrrus.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrptg.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrplk.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrptb.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrita.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrnor.lrc

2011-10-21 16:59 . 2011-10-21 16:59 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc

2011-10-21 16:59 . 2011-10-21 16:59 283136 ----a-w- c:\windows\system32\igfxrkor.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxrell.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrhun.lrc

2011-10-21 16:59 . 2011-10-21 16:59 285184 ----a-w- c:\windows\system32\igfxrheb.lrc

2011-10-21 16:59 . 2011-10-21 16:59 287232 ----a-w- c:\windows\system32\igfxrfra.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc

2011-10-21 16:59 . 2011-10-21 16:59 286208 ----a-w- c:\windows\system32\igfxrfin.lrc

2011-10-21 16:58 . 2011-10-21 16:58 286720 ----a-w- c:\windows\system32\igfxrnld.lrc

2011-10-21 16:58 . 2011-10-21 16:58 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc

2011-10-21 16:58 . 2011-10-21 16:58 285696 ----a-w- c:\windows\system32\igfxrdan.lrc

2011-10-21 16:58 . 2011-10-21 16:58 285184 ----a-w- c:\windows\system32\igfxrara.lrc

2011-10-21 16:58 . 2011-10-21 16:58 282624 ----a-w- c:\windows\system32\igfxrcht.lrc

2011-10-21 16:58 . 2011-10-21 16:58 282624 ----a-w- c:\windows\system32\igfxrchs.lrc

2011-10-21 16:58 . 2011-10-21 16:58 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2011-10-21 16:58 . 2011-10-21 16:58 375808 ----a-w- c:\windows\system32\igfxpph.dll

2011-10-21 16:58 . 2011-10-21 16:58 378368 ----a-w- c:\windows\system32\igfxTMM.dll

2011-10-21 16:58 . 2011-10-21 16:58 28672 ----a-w- c:\windows\system32\igfxexps.dll

2011-10-21 16:57 . 2011-01-12 11:02 62464 ----a-w- c:\windows\system32\igfxsrvc.dll

2011-10-21 16:57 . 2011-01-12 11:02 110080 ----a-w- c:\windows\system32\hccutils.dll

2011-10-21 16:57 . 2011-10-21 16:57 146432 ----a-w- c:\windows\system32\gfxSrvc.dll

2011-10-21 16:57 . 2011-10-21 16:57 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2011-10-21 16:57 . 2011-10-21 16:57 390144 ----a-w- c:\windows\system32\igfxdev.dll

2011-10-21 16:56 . 2011-10-21 16:56 285696 ----a-w- c:\windows\system32\igfxrenu.lrc

2011-10-21 16:56 . 2011-10-21 16:56 142336 ----a-w- c:\windows\system32\igfxdo.dll

2011-10-21 16:56 . 2011-01-12 11:02 9014784 ----a-w- c:\windows\system32\igfxress.dll

2011-10-21 16:52 . 2011-10-21 16:52 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll

2011-10-21 16:52 . 2011-10-21 16:52 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll

2011-10-21 16:50 . 2011-10-21 16:50 2177536 ----a-w- c:\windows\system32\igfxcmjit64.dll

2011-10-21 16:50 . 2011-10-21 16:50 171520 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll

2011-10-21 16:50 . 2011-10-21 16:50 1663488 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll

2011-10-21 16:50 . 2011-10-21 16:50 148480 ----a-w- c:\windows\system32\igfxcmrt64.dll

2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll

2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-01-17_15.59.05 )))))))))))))))))))))))))))))))))))))))))

.

- 2012-01-16 21:00 . 2012-01-16 21:00 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2012-01-18 19:29 . 2012-01-18 19:29 13294 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2012-01-17 13:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-18 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-18 19:31 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-17 13:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-17 13:04 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-18 19:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-02-18 20:13 . 2012-01-18 19:31 38572 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-18 19:31 39838 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-11-17 18:25 . 2012-01-18 19:31 9112 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1319127176-484964024-1394049995-1000_UserData.bin

- 2012-01-17 12:53 . 2012-01-17 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-18 19:29 . 2012-01-18 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-18 19:29 . 2012-01-18 19:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-17 12:53 . 2012-01-17 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-07-26 22:26 . 2012-01-16 21:00 938256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-07-26 22:26 . 2012-01-18 19:29 938256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-01-16 21:00 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-18 19:29 230264 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-11-17 22:31 . 2012-01-18 19:29 1364552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1319127176-484964024-1394049995-1000-8192.dat

- 2011-11-17 22:31 . 2012-01-16 21:00 1364552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1319127176-484964024-1394049995-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-7-26 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-7-26 156952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 135664]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 02:33]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

.

.

Completion time: 2012-01-18 20:08:25

ComboFix-quarantined-files.txt 2012-01-18 20:08

ComboFix2.txt 2012-01-17 16:00

.

Pre-Run: 89,675,915,264 bytes free

Post-Run: 89,487,360,000 bytes free

.

- - End Of File - - 8F78E57B930F49E1A902539808FC8659

 

 

 

 

"Unable to fix default_search_provider items." Hmmmm I don't like the look of that !!!!!

[Starbuck]

Hi I4n

 

"Unable to fix default_search_provider items." Hmmmm I don't like the look of that !!!!!

Have you tried to manually reset the search provider?

 

http://support.google.com/chrome/bin/answer.py?hl=en&answer=95426

[I4n]

O.K, I couldn't delete the bearshare on the "open this page" option but changed it to the new tab option which gives me an alternative that suits me for now.

 

Bearshare is still in there but not making it's prescence felt this way.

 

I still have a seriously crocked Malwarebytes which I can't un-install as mentioned in post #9.

 

Any help with this issue would be greatly appreciated.

[Starbuck]

Hi I4n

 

I still have a seriously crocked Malwarebytes which I can't un-install as mentioned in post #9.

Try this then:

 

• Try to Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
  
• Restart your computer (very important).
  
• Download and run mbam clean
  
• It will ask to restart your computer (please allow it to).
  
• After the computer restarts, install the latest version from Malwarebytes Anti-Malware.
  

 

Let me know if there's any problems and we'll look into other things if necessary.

[I4n]

That fixed it, the new Mbam found 1 adware agent

 

C:\Users\Ian\Downloads\PDFReaderSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

 

I had enabled the P2P mark for removal option and done a full scan.

 

 

Starbuck, many many thanks for what you have done, if your ever in Essex, I owe you a beer or 3 !!!

 

I'll make a site donation come payday.

 

Keep up the good work, all the time there are guys as good as you then we can all keep our computers sweet. (I put a password on to keep my son off, bless him).

[Starbuck]

Hi I4n

 

That fixed it, the new Mbam found 1 adware agent

Sometimes it takes a bit longer, but we get there in the end.

Glad everything seems ok now.

 

There are a few things we should do to finish off the cleaning.

 

Step 1

Restart MBAM.

Click on the Quarantine tab

If there are items in quarantine.....

Make sure everything is selected and then click Delete All.

Close MBAM.

 

Step 2

Please uninstall ComboFix by

Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there's is a gap between x and /) Then press Ok

http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png

 

This action will uninstall Combofix and also perform a few cleanup measures

 

 

Step 3

• Please double-click OTL.exe to run it.
  
• You should see a CleanUp! button, press that button,
   
  http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
   
  
• This will cleanup an assortment of tools used during malware removal, plus itself

 

Note:

MBAM will not be removed

 

 

Step 4

Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

Click Start >> Computer >> System Properties >> System Protection.

Here you have a list of hard drives and partitions available in your computer - mostly just one. Select the drive that has "(System)" written after it and click Configure.

select Turn off system protection under Restore Settings and click Delete button.

Click Continue in confirmation window and click Close after the restore points have been deleted.

Then click OK to close properties for the drive.

 

Now reboot the system.

 

Follow the above procedure again, only this time click Restore system settings and previous Versions of files.

Then click OK.

 

Your System restore will now be active again... starting with a new restore point.

 

To find out how you may have been infected....read this topic:

How did i get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Use an AntiVirus Software
  
  • Avira AntiVir ... see note* ....installation guide Here
    
  • Avast free
    
  • MS Security Essentials ... see note** ... installation guide Here
    

   

  Note*:

  Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

   

  Note**:

  Upon installation MS Security Essentials will check that your OS is a legal copy.

   

  Only install one AntiVirus program

   

  [*]Update your AntiVirus Software regularly

   

  [*]Use a 3rd party Firewall

  • Online Armor Free
    
  • ZoneAlarm ...Important note below
    

  NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

   

  Only install one software Firewall

   

  Some 3rd party Firewalls will turn off the windows firewall when they are installed.

  It's always best to check that the Windows Firewall is turned off:

   

  How to turn off Windows Firewall:

  Start ... Control Panel ...click on 'Classic View'.

  now select Windows Firewall.

  When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

   

  [*]Scan regularly with a 'Stand Alone' Anti-Malware scanner:

  Installing another scanner that you can run once or twice a week is always beneficial.

  Something like:

  Malwarebytes Anti-Malware

  SUPERAntiSypware

  Remember to update these programs each time before running.

  You can install more than one of these if you only run them as stand alone programs.

   

  [*] Use an alternative browser:

  Some excellent alternatives to MS Internet Explorer are:

   

  Firefox

  For added security, add the NoScript extension to this browser:

  Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

  also consider adding:

  WOT - Safe Browsing Tool

   

  Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

  Btw: you don't have to make a contribution.

   

  Opera

   

  They offer better security, more stability, and better speed.

   

  [*]Keep a backup of your registry

  Keeping a regular backup of your registry will help when something goes wrong.

  Use a program like:

  Erunt

   

  A full tutorial on how to set up and use Erunt can be found here:

  Erunt tutorial

   

  [*]Keep your system clean of temp files etc, using a 'Cleaner':

  Cleaners are programs that will help to clean out your:

  Windows temp files

  Current user temp files

  Cookies

  Temporary Internet flies

  Browser history

  Recycle bin

  Etc.......

  In other words.... all the rubbish that you accumalate over the course of your browsing and day to day usage of your pc.

  Programs like:

  TFC by OldTimer

  ATF Cleaner

   

  [*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

   

  [*]Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

   

  A tutorial on installing & using this product can be found here:

  Using and installing SpywareBlaster

   

  [*]Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif