Browser hijacked [Solved]


This topic is locked. 20 replies to this topic.

#1 Romeo (Authentic Member, 61 posts)

Posted 16 November 2012 - 11:46 PM

My browser is being redirected. Please assist me in removing this most pesky issue. I have attached my hijackthis log. Your assistance in this matter is greatly appreciated.

[Attached file: hijackthislog.txt, 10.22KB]

#2 OCD (SuperMember, Malware Team, 4,970 posts)

Posted 17 November 2012 - 01:36 AM

Hello Romeo,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me; I will post back to you as soon as I can.
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear"

#3 OCD (SuperMember, Malware Team, 4,970 posts)

Posted 17 November 2012 - 10:21 AM

Hi Romeo,

Download AdwCleaner to your desktop.

Right click and select "Run as Administrator".
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
Next

Download OTL to your desktop.

Right click and select "Run as Administrator".
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
Next

Download aswMBR to your desktop.

Right click and select "Run as Administrator".
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the log file to your desktop.
[image: aswMBR scan window with the Scan and Save log buttons]

In your next post please provide the following:
  • AdwCleaner log
  • OTL.txt
  • Extras.txt
  • aswMBR log


#4 Romeo (Authentic Member, 61 posts)

Posted 17 November 2012 - 12:44 PM

Here are (most of) the logfiles requested. OTL did not create an Extras.txt nor was there an OTL folder in my C:\ drive.

[Attached files: AdwCleaner_S1_.txt, 108.51KB; OTL.Txt, 108.24KB; aswMBR.txt, 1.91KB]

#5 OCD (SuperMember, Malware Team, 4,970 posts)

Posted 18 November 2012 - 12:24 AM

Hi Romeo,

Please do not attach logs to your replies unless specifically requested to do so. Kindly copy & paste them in your reply. I appreciate your cooperation. :)

= = = = = = = = = = = = = = = = = = = =

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next post please provide the following:
  • ComboFix.txt


#6 Romeo (Authentic Member, 61 posts)

Posted 18 November 2012 - 03:37 AM

My apologies. Here is the requested logfile.

ComboFix 12-11-16.02 - romeoashe 11/18/2012 3:17.6.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2692 [GMT -6:00]
Running from: c:\users\romeoashe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 09:34 . 2012-11-18 09:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-18 09:34 . 2012-11-18 09:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-18 09:34 . 2012-11-18 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 09:34 . 2012-11-18 09:34 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-18 03:19 . 2012-11-18 03:19 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-11-18 03:15 . 2012-11-18 03:16 -------- d-----w- c:\program files (x86)\Freecorder extension
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Tarma Installer
2012-11-18 03:14 . 2012-11-18 09:13 -------- d-----w- c:\users\romeoashe\AppData\Local\Stronghold_LLC
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Strongvault Online Backup
2012-11-18 03:14 . 2012-11-18 09:15 -------- d-----w- c:\users\romeoashe\AppData\Local\StrongVault
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\program files (x86)\Strongvault Online Backup
2012-11-17 01:04 . 2012-11-17 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 00:07 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 21:38 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 21:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 21:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:59 . 2012-11-16 04:00 -------- d-----w- c:\users\romeoashe\AppData\Roaming\System
2012-11-03 18:56 . 2012-11-03 19:05 -------- d-----w- c:\users\romeoashe\Jamie
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Nico Mak Computing
2012-11-03 02:24 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:04 . 2010-02-12 09:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 18:06 . 2012-03-30 20:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 18:06 . 2011-05-16 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:02 . 2012-08-30 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-04 20:04 . 2011-06-10 01:30 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-10-06 17:54 . 2012-10-06 17:54 350208 ----a-w- c:\windows\system32\d3drm.dll
2012-09-14 19:19 . 2012-10-11 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 19:04 . 2012-09-07 19:04 359424 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
2012-08-30 18:03 . 2012-10-11 00:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:10 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:10 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 18:05 . 2012-10-11 00:10 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 00:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-12 00:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 00:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 00:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-03-16 11:59 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
2012-10-14 00:43 364920 ----a-w- c:\program files (x86)\Freecorder extension\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
StrongVaultApp.exe [2012-9-7 359424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-08 117520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:06]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-06 13:15; OneClickDownload@OneClickDownload.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-80437101.sys
AddRemove-Freecorder 5.0 - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder4.02B - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder5.05 - c:\program files (x86)\Freecorder\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\10\1f4┌"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-18 03:35:53
ComboFix-quarantined-files.txt 2012-11-18 09:35
ComboFix2.txt 2012-07-16 19:21
ComboFix3.txt 2012-07-16 06:39
ComboFix4.txt 2012-07-15 17:43
.
Pre-Run: 229,935,042,560 bytes free
Post-Run: 230,050,344,960 bytes free
.
- - End Of File - - 00D8FE1894B60088204FB65AC1B5223D

#7 OCD (SuperMember, Malware Team, 4,970 posts)

Posted 18 November 2012 - 10:21 PM

Hi Romeo,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

Folder::
c:\program files (x86)\Freecorder extension
c:\program files (x86)\freecordertoolbar

Collect::
C:\Users\romeoashe\AppData\Local\AMD\Adobe\bgwkitdpx.dll

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"=-
[-HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe"=-

Driver::
AVG Security Toolbar Service
vToolbarUpdater13.2.0

FireFox::
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com

Save this as CFScript.txt, in the same location as ComboFix.exe


[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.


In your next post please provide the following:
  • ComboFix log
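The ComboFix log in post #6 and the CFScript in post #7 are two halves of one workflow: read the persistence points out of the log, decide what to remove, and write the removal in ComboFix's directive syntax. The script below is an added example, not part of this thread and not ComboFix's own code, that does the mechanical part for the entries that matter in a browser hijack: Browser Helper Objects, IE toolbar CLSIDs, Firefox extensions, and the start-page and search prefs. The sample log is a constructed excerpt copied from post #6 with line breaks restored. The regexes, the `Findings` class, the `partner_params` helper and the substring-based selection in `build_cfscript` are all assumptions of this example; which entries to remove stays the analyst's decision, and the selection used here just reproduces the helper's choice of the Freecorder components.

```python
"""Triage a ComboFix log for browser-hijack persistence points and draft CFScript directives."""
import ntpath
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed sample: an excerpt of the ComboFix log posted in this thread, line breaks restored.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-03-16 11:59 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
2012-10-14 00:43 364920 ----a-w- c:\program files (x86)\Freecorder extension\ScriptHost.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920]
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
"""

# Line shapes as ComboFix prints them (assumed from the log above, not an official grammar).
BHO_KEY = re.compile(r"^\[(HKEY_[^\]]*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\}))\]$")
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} +\d+ +\S+ +(.+)$")
TOOLBAR_VALUE = re.compile(r'^"(\{[0-9A-Fa-f-]{36}\})"=\s*"([^"]+)"')
IE_PAGE = re.compile(r"^(u[A-Za-z]+ Page) = (\S+)$")
FF_PROFILE = re.compile(r"^FF - ProfilePath - (.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
FF_EXT = re.compile(r"^FF - ExtSQL: [^;]+; ([^;]+); (.+)$")
IE_TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar"
PARTNER_KEYS = ("fr", "type")  # search-partner codes carried by the URLs in this log


@dataclass
class Findings:
    bhos: list = field(default_factory=list)             # (registry key, CLSID, DLL path)
    toolbars: list = field(default_factory=list)         # (CLSID, DLL path)
    ff_profile: str = ""
    ff_extensions: list = field(default_factory=list)    # (extension id, path, raw line)
    search_settings: list = field(default_factory=list)  # (setting, value)


def parse_log(text: str) -> Findings:
    f = Findings()
    lines = [ln.rstrip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        if m := BHO_KEY.match(line):
            # ComboFix prints the DLL backing a BHO on the file line that follows the key.
            dll = next((fm.group(1) for fm in map(FILE_ENTRY.match, lines[i + 1:i + 3]) if fm), "")
            f.bhos.append((m.group(1), m.group(2), dll))
        elif m := TOOLBAR_VALUE.match(line):
            f.toolbars.append((m.group(1), m.group(2)))
        elif m := FF_PROFILE.match(line):
            f.ff_profile = m.group(1)
        elif m := FF_EXT.match(line):
            f.ff_extensions.append((m.group(1), m.group(2), line))
        elif m := IE_PAGE.match(line) or FF_PREF.match(line):
            f.search_settings.append((m.group(1), m.group(2)))
    return f


def partner_params(url: str) -> dict:
    """Search-partner query parameters of a defanged (hxxp) URL."""
    query = urlsplit(url.replace("hxxp", "http", 1)).query
    return {k: v[0] for k, v in parse_qs(query).items() if k in PARTNER_KEYS}


def hijack_indicators(f: Findings) -> list:
    """Start page / search prefs that point at a partner-tagged search URL."""
    return [(s, p) for s, v in f.search_settings if v.startswith("hxxp") and (p := partner_params(v))]


def build_cfscript(f: Findings, match: tuple) -> str:
    """Draft CFScript sections for findings whose path or id contains one of `match`
    (case-insensitive). What to remove is the analyst's call; the syntax mirrors post #7."""
    def hit(s: str) -> bool:
        return any(m.lower() in s.lower() for m in match)
    folders, registry = [], []
    for key, _clsid, dll in f.bhos:
        if hit(dll):
            registry.append("[-" + key + "]")                 # [-key] deletes the whole key
            folders.append(ntpath.dirname(dll))
    for clsid, dll in f.toolbars:
        if hit(dll):
            if "[" + IE_TOOLBAR_KEY + "]" not in registry:
                registry.append("[" + IE_TOOLBAR_KEY + "]")
            registry.append('"' + clsid + '"=-')              # "value"=- deletes one value
            registry.append("[-HKEY_CLASSES_ROOT\\clsid\\" + clsid + "]")
            folders.append(ntpath.dirname(dll))
    firefox = [raw for ext_id, path, raw in f.ff_extensions if hit(ext_id) or hit(path)]
    sections = []
    if folders:
        sections.append("Folder::\n" + "\n".join(dict.fromkeys(folders)))
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    if firefox:
        sections.append("FireFox::\nFF - ProfilePath - " + f.ff_profile + "\n" + "\n".join(firefox))
    return "\n\n".join(sections) + "\n"
```

Run against the sample, `hijack_indicators` reports that both the IE start page and the Firefox keyword.URL carry the same type=994519 partner code alongside an fr= code, which is the tell that the redirected searches belong to one toolbar distribution rather than to a user's own choice of engine; `build_cfscript(found, ("freecorder",))` then yields the Folder::, Registry:: and FireFox:: sections that match the ones in post #7. The Driver:: and File:: entries for the AVG toolbar services are deliberately not generated, since those came from the helper reading the services list by hand rather than from a pattern this parser knows.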


#8 Romeo (Authentic Member, 61 posts)

Posted 19 November 2012 - 05:01 PM

Done. And here is the requested logfile.

ComboFix 12-11-16.02 - romeoashe 11/19/2012 1:52.8.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2864 [GMT -6:00]
Running from: c:\users\romeoashe\Desktop\ComboFix.exe
Command switches used :: c:\users\romeoashe\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe"
"c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
c:\program files (x86)\Freecorder extension
c:\program files (x86)\Freecorder extension\AddonsFramework.dll
c:\program files (x86)\Freecorder extension\background.html
c:\program files (x86)\Freecorder extension\ButtonSite.dll
c:\program files (x86)\Freecorder extension\config.xml
c:\program files (x86)\Freecorder extension\DefSearchService.exe
c:\program files (x86)\Freecorder extension\Freecorder.crx
c:\program files (x86)\Freecorder extension\icon.ico
c:\program files (x86)\Freecorder extension\img\fc7_toolbar_icon-128.png
c:\program files (x86)\Freecorder extension\img\fc7_toolbar_icon-16.png
c:\program files (x86)\Freecorder extension\img\fc7_toolbar_icon-18.png
c:\program files (x86)\Freecorder extension\img\fc7_toolbar_icon-48.png
c:\program files (x86)\Freecorder extension\jquery-1.6.2.min.js
c:\program files (x86)\Freecorder extension\js\bg.js
c:\program files (x86)\Freecorder extension\js\content.js
c:\program files (x86)\Freecorder extension\json2.min.js
c:\program files (x86)\Freecorder extension\popup\arrow-dn.gif
c:\program files (x86)\Freecorder extension\popup\images\clipper.png
c:\program files (x86)\Freecorder extension\popup\images\convert.png
c:\program files (x86)\Freecorder extension\popup\images\help.png
c:\program files (x86)\Freecorder extension\popup\images\lock.png
c:\program files (x86)\Freecorder extension\popup\images\logo-24.png
c:\program files (x86)\Freecorder extension\popup\images\logo.png
c:\program files (x86)\Freecorder extension\popup\images\mp3_editor.png
c:\program files (x86)\Freecorder extension\popup\images\music.png
c:\program files (x86)\Freecorder extension\popup\images\play-flv.png
c:\program files (x86)\Freecorder extension\popup\images\play.png
c:\program files (x86)\Freecorder extension\popup\images\radio.png
c:\program files (x86)\Freecorder extension\popup\images\screen.png
c:\program files (x86)\Freecorder extension\popup\images\search.png
c:\program files (x86)\Freecorder extension\popup\images\triangle-1-s.png
c:\program files (x86)\Freecorder extension\popup\images\tv.png
c:\program files (x86)\Freecorder extension\popup\images\upgrade.png
c:\program files (x86)\Freecorder extension\popup\images\upgrade2.png
c:\program files (x86)\Freecorder extension\popup\images\vid-history.png
c:\program files (x86)\Freecorder extension\popup\images\video-history.png
c:\program files (x86)\Freecorder extension\popup\images\video.png
c:\program files (x86)\Freecorder extension\popup\images\video_encryptor.png
c:\program files (x86)\Freecorder extension\popup\images\vpl.png
c:\program files (x86)\Freecorder extension\popup\images\youtube-square.png
c:\program files (x86)\Freecorder extension\popup\images\youtube.png
c:\program files (x86)\Freecorder extension\popup\jquery-1.7.2.min.js
c:\program files (x86)\Freecorder extension\popup\popup.html
c:\program files (x86)\Freecorder extension\popup\popup.js
c:\program files (x86)\Freecorder extension\popup\style.css
c:\program files (x86)\Freecorder extension\PropertySync.exe
c:\program files (x86)\Freecorder extension\PropertySyncPS.dll
c:\program files (x86)\Freecorder extension\RegistryHelper.dll
c:\program files (x86)\Freecorder extension\ScriptHost.dll
c:\program files (x86)\Freecorder extension\uninstall.exe
c:\program files (x86)\Freecorder extension\UninstallChromeToolbar.exe
c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
c:\program files (x86)\Freecorder extension\updater.js
c:\program files (x86)\Freecorder extension\updaterWrapper.js
c:\program files (x86)\freecordertoolbar
c:\program files (x86)\freecordertoolbar\chrome\content\lib\about.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\external.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\nsDragAndDrop.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\freecordertoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\freecordertoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\freecordertoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\freecordertoolbar\chrome\content\preferences.xml
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.htm
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.xul
c:\program files (x86)\freecordertoolbar\chrome\content\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\country.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\videoplayer.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\favorites.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrow-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-left.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-right.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\back.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search-over.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\delete.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow-hover.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-right.png
c:\program files
(x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-left.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-mdl.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-right.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\throbber.gif c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\vid-bg.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\index.html c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\function.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery-1.4.2.min.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.autocomplete.min.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.event.wheel.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.jlembed.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.scrollTo-min.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.url.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\JSON.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\main.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\videoplayer.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png c:\program files 
(x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\videoplayer.html c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.js c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt c:\program files (x86)\freecordertoolbar\chrome\data\dynamicElements\vmntoolbar.xsl c:\program files (x86)\freecordertoolbar\chrome\data\product.xml c:\program files (x86)\freecordertoolbar\chrome\data\rss\rss.xml c:\program files 
(x86)\freecordertoolbar\chrome\data\search\engines.xml c:\program files (x86)\freecordertoolbar\chrome\data\search\search.xsl c:\program files (x86)\freecordertoolbar\chrome\data\weather\icons.xml c:\program files (x86)\freecordertoolbar\chrome\skin\1x1_png c:\program files (x86)\freecordertoolbar\chrome\skin\about.gif c:\program files (x86)\freecordertoolbar\chrome\skin\about_logo.png c:\program files (x86)\freecordertoolbar\chrome\skin\babylon_logo.png c:\program files (x86)\freecordertoolbar\chrome\skin\bluelite.gif c:\program files (x86)\freecordertoolbar\chrome\skin\bluesky.gif c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets.png c:\program files (x86)\freecordertoolbar\chrome\skin\btn_settings.png c:\program files (x86)\freecordertoolbar\chrome\skin\ca.png c:\program files (x86)\freecordertoolbar\chrome\skin\convert_png c:\program files (x86)\freecordertoolbar\chrome\skin\dictionary.png c:\program files (x86)\freecordertoolbar\chrome\skin\divider.png c:\program files (x86)\freecordertoolbar\chrome\skin\downloadcom.png c:\program files (x86)\freecordertoolbar\chrome\skin\dtxlogo.png c:\program files (x86)\freecordertoolbar\chrome\skin\email.png c:\program files (x86)\freecordertoolbar\chrome\skin\email_on.png c:\program files (x86)\freecordertoolbar\chrome\skin\facebook.png c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo_png c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo2_png c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo3_png c:\program files (x86)\freecordertoolbar\chrome\skin\freecorder_logo5_small_png 
c:\program files (x86)\freecordertoolbar\chrome\skin\games.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphna.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0_5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1_5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2_5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3_5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4_5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphred5.png c:\program files (x86)\freecordertoolbar\chrome\skin\graphredna.png c:\program files (x86)\freecordertoolbar\chrome\skin\grey.gif c:\program files (x86)\freecordertoolbar\chrome\skin\ico-shield.png c:\program files (x86)\freecordertoolbar\chrome\skin\images.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\add.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\alexabutton.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\aol.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-dn.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right-disabled.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-up.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-divider.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-end.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl_ff.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\bg-btn-start.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-divider.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-end.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-start.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\blank.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn_slider.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\checkmark.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\chevron.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\collapse.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\comcast.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\debugbar\debug.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx-test.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx.css c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\edit-back-hot.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\edit-back.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\embarq.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\expand.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\fast.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\found.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gmail.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gripper.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_blue.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_cyan.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_lime.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_magenta.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_yellow.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\hotmail.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\ico-check.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\imap.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\launchers.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\loadingMid.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lock.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\logo-separator.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\mailcom.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_bg-basic.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_bar.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_white.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitem-splitter.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\menuitemback-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemback-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-down-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-vista.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\minus.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\modify.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\move.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\movetarget.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\newsitem.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\panels.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupAbout.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupGames.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupRSS.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupWidgets.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\css\dialog.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\bg.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-search.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\default.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\transparent.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-right.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\main.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\footer.htm c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gamecategory.xsl c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameData.js c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameList.xsl c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\games.xsl c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gametype.xsl c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-up.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-btnover.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-back.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-drag.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-right-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-calendar.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-dollar.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-download.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-news24.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-play.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-tags.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Add.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-download.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Info.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-play.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-shop.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgon.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgover.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-down.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-down.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_grey.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_orange.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\initHTML.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupGames.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupHTML.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupRSS.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupWidgets.html c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\scroll.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\plus.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\pop.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\manager.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\slider.css c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\bg-pnl.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\expanded_button.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-radio.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\music-note.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-on.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slider.png c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slideron.png c:\program files 
(x86)\freecordertoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lichen.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\mail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\modify-save.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\music.png
c:\program files (x86)\freecordertoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\freecordertoolbar\chrome\skin\news.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options_png
c:\program files (x86)\freecordertoolbar\chrome\skin\orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\pixsy.png
c:\program files (x86)\freecordertoolbar\chrome\skin\play_png
c:\program files (x86)\freecordertoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\freecordertoolbar\chrome\skin\protect-id.png
c:\program files (x86)\freecordertoolbar\chrome\skin\record_audio_png
c:\program files (x86)\freecordertoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rssback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\shopping.png
c:\program files (x86)\freecordertoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\technorati.png
c:\program files (x86)\freecordertoolbar\chrome\skin\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\translate.png
c:\program files (x86)\freecordertoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\tv_png
c:\program files (x86)\freecordertoolbar\chrome\skin\video_history_png
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.css
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.png
c:\program files (x86)\freecordertoolbar\chrome\skin\web.png
c:\program files (x86)\freecordertoolbar\chrome\skin\websearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yellow.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube.png
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube_png
c:\program files (x86)\freecordertoolbar\chrome\skin\zoom.png
c:\program files (x86)\freecordertoolbar\components\windowmediator.js
c:\program files (x86)\freecordertoolbar\install.ico
c:\program files (x86)\freecordertoolbar\manifest.xml
c:\program files (x86)\freecordertoolbar\partner.xml
c:\program files (x86)\freecordertoolbar\uninstall.exe
c:\program files (x86)\freecordertoolbar\vmntemplate.dll
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AVG Security Toolbar Service
-------\Service_vToolbarUpdater13.2.0
.
.
((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))
.
.
2012-11-19 07:56 . 2012-11-19 07:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-19 07:56 . 2012-11-19 07:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-19 07:56 . 2012-11-19 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-19 07:56 . 2012-11-19 07:56 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-18 03:19 . 2012-11-18 03:19 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Tarma Installer
2012-11-18 03:14 . 2012-11-18 09:13 -------- d-----w- c:\users\romeoashe\AppData\Local\Stronghold_LLC
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Strongvault Online Backup
2012-11-18 03:14 . 2012-11-19 07:50 -------- d-----w- c:\users\romeoashe\AppData\Local\StrongVault
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\program files (x86)\Strongvault Online Backup
2012-11-17 01:04 . 2012-11-17 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 00:07 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 21:38 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 21:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 21:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:59 . 2012-11-16 04:00 -------- d-----w- c:\users\romeoashe\AppData\Roaming\System
2012-11-03 18:56 . 2012-11-03 19:05 -------- d-----w- c:\users\romeoashe\Jamie
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Nico Mak Computing
2012-11-03 02:24 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:04 . 2010-02-12 09:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 18:06 . 2012-03-30 20:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 18:06 . 2011-05-16 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:02 . 2012-08-30 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-04 20:04 . 2011-06-10 01:30 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-10-06 17:54 . 2012-10-06 17:54 350208 ----a-w- c:\windows\system32\d3drm.dll
2012-09-14 19:19 . 2012-10-11 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 19:04 . 2012-09-07 19:04 359424 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
2012-08-30 18:03 . 2012-10-11 00:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:10 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:10 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 18:05 . 2012-10-11 00:10 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 00:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-12 00:07 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 00:07 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 00:07 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
StrongVaultApp.exe [2012-9-7 359424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-08 117520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:06]
.
2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-06 13:15; OneClickDownload@OneClickDownload.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\program files (x86)\Freecorder extension\ScriptHost.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Freecorder 5.0 - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder extension - c:\program files (x86)\Freecorder extension\uninstall.exe
AddRemove-Freecorder extension for Chrome - c:\program files (x86)\Freecorder extension\UninstallChromeToolbar.exe
AddRemove-Freecorder extension for Firefox - c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
AddRemove-Freecorder4.02B - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder5.05 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\10\1f4┌"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-19 02:01:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-19 08:01
ComboFix2.txt 2012-11-18 09:35
ComboFix3.txt 2012-07-16 19:21
ComboFix4.txt 2012-07-16 06:39
ComboFix5.txt 2012-11-19 07:07
.
Pre-Run: 228,893,515,776 bytes free
Post-Run: 228,571,881,472 bytes free
.
- - End Of File - - 7C185D5851FC5FC9D19ADEB3055238D6
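The hijack is visible in the Supplementary Scan and Orphans sections of the log above: the IE start page and the Firefox keyword.URL pref both point at a search URL carrying the same type=994519 parameter, the addon@freecorder.com extension appeared two days before the scan, and the two orphaned BHO DLLs sit in the same directories as the Freecorder uninstallers. The script below is an added example, not part of this thread, of ComboFix or of OTL. It parses those ComboFix line formats and surfaces exactly those indicators; its sample input is excerpted from the posted log, and the seven-day recency window and the treatment of the type= and fr= query parameters as partner tags are the example's own assumptions.

```python
"""Triage helper for ComboFix output: pull browser-hijack indicators out of the
'Supplementary Scan' and 'ORPHANS REMOVED' line formats and pivot across them.
Added example, not part of ComboFix; heuristics below are this script's own."""
import re
from datetime import date
from urllib.parse import parse_qs, urlsplit

# Sample input: lines excerpted verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
BHO-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
BHO-{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\program files (x86)\Freecorder extension\ScriptHost.dll
AddRemove-Freecorder extension - c:\program files (x86)\Freecorder extension\uninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
Completion time: 2012-11-19 02:01:44 - machine was rebooted
"""

RE_START = re.compile(r"^uStart Page = (\S+)$")
RE_PREF = re.compile(r"^FF - prefs\.js: (\S+) - (.+)$")
RE_EXT = re.compile(r"^FF - ExtSQL: (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}; ([^;]+); (.+)$")
RE_BHO = re.compile(r"^BHO-(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
RE_ADDREM = re.compile(r"^AddRemove-(.+?) - (.+)$")
RE_DONE = re.compile(r"^Completion time: (\d{4}-\d{2}-\d{2})")

# Query parameters treated as partner/distribution tags (assumption, see lead-in).
PARTNER_PARAMS = ("type", "fr")


def refang(url):
    """ComboFix writes hxxp:// so the URL is not clickable; restore it for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def query_params(url):
    """Query parameter -> first value for a (possibly defanged) URL; blank values dropped."""
    return {k: v[0] for k, v in parse_qs(urlsplit(refang(url)).query).items()}


def install_dir(path):
    """Vendor directory directly under Program Files / Program Files (x86), lower-cased."""
    m = re.search(r"\\program files(?: \(x86\))?\\([^\\]+)\\", path, re.I)
    return m.group(1).lower() if m else None


def parse_log(text):
    """Extract the hijack-relevant records; lines in other formats are ignored."""
    f = {"start_page": None, "prefs": {}, "extensions": [], "bho": [], "addremove": [], "log_date": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := RE_START.match(line):
            f["start_page"] = m.group(1)
        elif m := RE_PREF.match(line):
            f["prefs"][m.group(1)] = m.group(2)
        elif m := RE_EXT.match(line):
            f["extensions"].append({"installed": date.fromisoformat(m.group(1)),
                                    "id": m.group(2), "path": m.group(3)})
        elif m := RE_BHO.match(line):
            f["bho"].append({"clsid": m.group(1), "dll": m.group(2)})
        elif m := RE_ADDREM.match(line):
            f["addremove"].append({"name": m.group(1), "uninstaller": m.group(2)})
        elif m := RE_DONE.match(line):
            f["log_date"] = date.fromisoformat(m.group(1))
    return f


def triage(f, recent_days=7):
    """Return (indicators, pivot): readable findings, plus install directory ->
    set of persistence mechanisms (IE BHO, Add/Remove entry) that reference it."""
    indicators, pivot, partner_ids = [], {}, set()
    if f["start_page"]:
        tags = {k: v for k, v in query_params(f["start_page"]).items() if k in PARTNER_PARAMS}
        if tags:
            indicators.append(f"IE start page carries partner tags {tags}: set by an installer, not typed by the user")
            partner_ids.update(tags.values())
    # keyword.URL is the URL Firefox used for address-bar searches; an installer-set
    # value redirects every such search. A shared tag ties it to the IE start page.
    if kw := f["prefs"].get("keyword.URL"):
        shared = sorted(partner_ids & set(query_params(kw).values()))
        indicators.append("Firefox keyword.URL overridden, address-bar searches redirected"
                          + (f"; shares partner id {shared} with the IE start page" if shared else ""))
    if f["log_date"]:
        for e in f["extensions"]:
            age = (f["log_date"] - e["installed"]).days
            if age <= recent_days:
                indicators.append(f"Firefox extension {e['id']} installed {age} day(s) before the scan")
    for b in f["bho"]:
        if d := install_dir(b["dll"]):
            pivot.setdefault(d, set()).add("IE BHO")
    for a in f["addremove"]:
        if d := install_dir(a["uninstaller"]):
            pivot.setdefault(d, set()).add("Add/Remove entry")
    for d, mechs in sorted(pivot.items()):
        if len(mechs) > 1:
            indicators.append(f"{d}: referenced by {', '.join(sorted(mechs))}; remove them together")
    return indicators, pivot


if __name__ == "__main__":
    for line in triage(parse_log(SAMPLE_LOG))[0]:
        print("*", line)
```

Run it against a real ComboFix.txt by replacing SAMPLE_LOG with the file contents; the pivot is the useful part, because a toolbar that registers an IE BHO, a Firefox extension and an uninstaller entry from one directory has to be removed from all three places at once or the remaining piece reinstalls the others.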

#9 OCD

OCD

    SuperMember

  • Malware Team
  • 4,970 posts

Posted 20 November 2012 - 09:15 PM

Hi Romeo,

These steps require all browser windows to be closed in order for the items to be fixed completely.

= = = = = = = = = = = = = = = = = = = =

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

http://forums.whatthetech.com/index.php?showtopic=124878

Collect::
C:\Users\romeoashe\AppData\Local\AMD\Adobe\bgwkitdpx.dll

FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, please post the C:\ComboFix.txt for further review.

Next

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users: right-click the icon and select "Run as Administrator" to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:
  • ComboFix.txt
  • OTL.txt
  • How is the computer running?


#10 Romeo

Romeo

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 21 November 2012 - 07:31 PM

ComboFix 12-11-21.01 - romeoashe 11/21/2012 18:50:33.9.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2834 [GMT -6:00]
Running from: c:\users\romeoashe\Desktop\ComboFix.exe
Command switches used :: c:\users\romeoashe\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))))
.
.
2012-11-22 00:55 . 2012-11-22 00:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-22 00:55 . 2012-11-22 00:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-22 00:55 . 2012-11-22 00:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-22 00:55 . 2012-11-22 00:55 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-18 03:19 . 2012-11-18 03:19 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Tarma Installer
2012-11-18 03:14 . 2012-11-18 09:13 -------- d-----w- c:\users\romeoashe\AppData\Local\Stronghold_LLC
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\programdata\Strongvault Online Backup
2012-11-18 03:14 . 2012-11-22 00:48 -------- d-----w- c:\users\romeoashe\AppData\Local\StrongVault
2012-11-18 03:14 . 2012-11-18 03:14 -------- d-----w- c:\program files (x86)\Strongvault Online Backup
2012-11-17 01:04 . 2012-11-17 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 00:07 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 21:38 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 21:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 21:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:59 . 2012-11-16 04:00 -------- d-----w- c:\users\romeoashe\AppData\Roaming\System
2012-11-03 18:56 . 2012-11-03 19:05 -------- d-----w- c:\users\romeoashe\Jamie
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Nico Mak Computing
2012-11-03 02:24 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:04 . 2010-02-12 09:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 18:06 . 2012-03-30 20:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 18:06 . 2011-05-16 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:02 . 2012-08-30 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-04 20:04 . 2011-06-10 01:30 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-10-06 17:54 . 2012-10-06 17:54 350208 ----a-w- c:\windows\system32\d3drm.dll
2012-09-14 19:19 . 2012-10-11 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 19:04 . 2012-09-07 19:04 359424 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
2012-08-30 18:03 . 2012-10-11 00:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:10 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:10 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 20:43 . 2012-08-24 20:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-24 18:05 . 2012-10-11 00:10 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-11 00:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
c:\program files (x86)\Freecorder extension\ScriptHost.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
StrongVaultApp.exe [2012-9-7 359424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-08 117520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:06]
.
2012-11-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-06 13:15; OneClickDownload@OneClickDownload.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Freecorder 5.0 - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder extension - c:\program files (x86)\Freecorder extension\uninstall.exe
AddRemove-Freecorder extension for Chrome - c:\program files (x86)\Freecorder extension\UninstallChromeToolbar.exe
AddRemove-Freecorder extension for Firefox - c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
AddRemove-Freecorder4.02B - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder5.05 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\10\1f4┌"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-21 19:00:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-22 01:00
ComboFix2.txt 2012-11-19 08:01
ComboFix3.txt 2012-11-18 09:35
ComboFix4.txt 2012-07-16 19:21
ComboFix5.txt 2012-11-22 00:48
.
Pre-Run: 226,483,240,960 bytes free
Post-Run: 232,895,721,472 bytes free
.
- - End Of File - - EA532AD1B706EDB695C2FE8CE96DB1A4

And the OTL log:

OTL logfile created on: 11/21/2012 7:20:18 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\romeoashe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.73% Memory free
8.00 Gb Paging File | 6.78 Gb Available in Paging File | 84.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 217.00 Gb Free Space | 31.07% Space Free | Partition Type: NTFS
Drive E: | 650.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 575.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROMEO-PC | User Name: romeoashe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\romeoashe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{095DE46B-2FF1-7C93-8A70-352BAEC12404}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 4B 68 94 D8 63 CD 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{095DE46B-2FF1-7C93-8A70-352BAEC12404}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{0D6CBECC-85EF-4BD6-BD4B-55B9C200E869}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: ytvdw@pgport.com:1.1.10
FF - prefs.js..extensions.enabledAddons: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}:5.0.0.0
FF - prefs.js..extensions.enabledAddons: addon@freecorder.com:7.0.0.7
FF - prefs.js..extensions.enabledAddons: {003e1c8f-ebd6-f074-7551-4b31c0f547ec}:1.300.433
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.260.0
FF - prefs.js..extensions.enabledItems: btpersonas@brandthunder.com:1.0.7.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..extensions.enabledItems: {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}:5.0.0.0
FF - prefs.js..extensions.enabledItems: ytvdw@pgport.com:1.1.4
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\romeoashe\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 16:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 18:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/14 00:18:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/14 00:18:46 | 000,000,000 | ---D | M]

[2011/11/03 08:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Extensions
[2012/11/20 19:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions
[2011/04/12 10:17:54 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2011/02/24 16:15:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/11/17 21:15:52 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
[2011/05/12 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\nostmp
[2012/10/06 16:27:38 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\OneClickDownload@OneClickDownload.com
[1636/08/31 17:22:20 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\fgqopuuudj@fgqopuuudj.org.xpi
[2012/11/13 18:08:14 | 000,202,367 | ---- | M] () (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
[2011/10/29 11:59:44 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\ytvdw@pgport.com.xpi
[2012/11/20 19:18:43 | 000,555,630 | ---- | M] () (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\{003e1c8f-ebd6-f074-7551-4b31c0f547ec}.xpi
[2012/10/27 14:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 14:22:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 14:22:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 12:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/30 21:19:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 01:48:31 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: {_signature:bj+nNbgQFf4tLmbXAkjB7L1LmLpobQkiI0LCKZPP1tI=,_version:3,browser:{show_home_button:false},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,cjpglkicenollcignonpgiafdgfeehoj,fdloijijlkoblmigdofommgnheckmaki,jmfkcklnlgedgbglfkkgedjfmejoahla,jpnbdefcbnoefmmcpelplabbkfmfhlho,lifbcibllhkdhoafpjfnlhfpfgnpldfl,ndibdjnfmopecpmkdieinmbadjfpblof,nneajnkjbffgblleaoojgaacokifdkhm]},homepage:http://www.google.com/favicon.ico
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch

O1 HOSTS File: ([2012/11/21 18:57:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3735079-E34F-4129-92E3-5A3A7E1A1394}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/19 08:47:13 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:13 | 000,000,715 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:24 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:24 | 000,000,715 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 19:00:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/21 18:57:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/18 03:14:41 | 005,004,435 | R--- | C] (Swearware) -- C:\Users\romeoashe\Desktop\ComboFix.exe
[2012/11/17 21:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/11/17 21:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/17 21:14:26 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Local\Stronghold_LLC
[2012/11/17 21:14:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/11/17 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2012/11/17 21:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2012/11/17 21:14:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strongvault Online Backup
[2012/11/17 21:14:01 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Local\StrongVault
[2012/11/17 12:04:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\romeoashe\Desktop\aswMBR.exe
[2012/11/17 12:04:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\romeoashe\Desktop\OTL.exe
[2012/11/16 19:04:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/16 18:08:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 18:08:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 18:08:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 18:08:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 18:08:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 18:08:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 18:08:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 18:08:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 18:08:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 18:08:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 18:08:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 18:08:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 18:08:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 18:08:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 18:08:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 15:38:20 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 15:38:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/15 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Roaming\System
[2012/11/14 00:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/03 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\Jamie
[2012/11/02 20:24:24 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Roaming\Nico Mak Computing
[2012/11/02 20:24:21 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/11/02 20:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2012/10/27 14:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/21 19:18:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/21 19:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 19:18:43 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 19:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/21 19:04:36 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 19:04:36 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 19:02:46 | 100,892,136 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/21 19:01:14 | 009,036,266 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/21 19:01:14 | 002,959,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 19:01:14 | 000,004,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/21 18:57:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/21 18:48:37 | 005,004,435 | R--- | M] (Swearware) -- C:\Users\romeoashe\Desktop\ComboFix.exe
[2012/11/21 18:25:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
[2012/11/21 17:57:10 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/20 17:34:26 | 000,487,294 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/19 21:25:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
[2012/11/17 21:14:03 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk
[2012/11/17 21:11:12 | 000,734,584 | ---- | M] () -- C:\Users\romeoashe\Desktop\freecorder7-setup.exe
[2012/11/17 12:41:52 | 000,000,512 | ---- | M] () -- C:\Users\romeoashe\Desktop\MBR.dat
[2012/11/17 12:05:17 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\romeoashe\Desktop\aswMBR.exe
[2012/11/17 12:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\romeoashe\Desktop\OTL.exe
[2012/11/17 12:04:28 | 000,541,569 | ---- | M] () -- C:\Users\romeoashe\Desktop\adwcleaner.exe
[2012/11/17 12:01:26 | 451,040,138 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/16 21:01:43 | 000,002,939 | ---- | M] () -- C:\scu.dat
[2012/11/16 19:52:26 | 000,275,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 18:06:51 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/11/14 12:19:37 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/11/14 12:13:01 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/11/14 12:12:16 | 000,000,047 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2012/11/14 12:06:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/14 12:06:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/14 00:18:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/11/08 20:02:35 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/04 14:04:51 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/11/02 20:23:46 | 000,001,852 | ---- | M] () -- C:\Users\romeoashe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/11/02 20:23:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/17 21:14:03 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk
[2012/11/17 21:11:10 | 000,734,584 | ---- | C] () -- C:\Users\romeoashe\Desktop\freecorder7-setup.exe
[2012/11/17 12:41:52 | 000,000,512 | ---- | C] () -- C:\Users\romeoashe\Desktop\MBR.dat
[2012/11/17 12:04:27 | 000,541,569 | ---- | C] () -- C:\Users\romeoashe\Desktop\adwcleaner.exe
[2012/11/17 12:01:26 | 451,040,138 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/16 20:35:20 | 000,002,939 | ---- | C] () -- C:\scu.dat
[2012/11/16 18:06:51 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/11/14 12:15:17 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/11/14 00:18:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/11/14 00:18:15 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/22 16:38:27 | 000,000,218 | ---- | C] () -- C:\Users\romeoashe\.recently-used.xbel
[2012/07/16 22:57:02 | 000,027,520 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\dt.dat
[2012/07/15 11:15:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/15 11:15:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/15 11:15:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/15 11:15:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/15 11:15:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/24 20:25:11 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/10 22:29:34 | 000,000,656 | ---- | C] () -- C:\Users\romeoashe\Romeo.lnk
[2011/10/29 12:00:11 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/10/29 11:47:56 | 000,003,584 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 21:14:26 | 000,109,784 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/22 17:21:46 | 000,007,616 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\resmon.resmoncfg
[2011/06/09 19:30:30 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/18 12:51:18 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/12/20 20:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/24 13:41:11 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/01 05:21:51 | 000,000,000 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\prvlcl.dat
[2010/02/24 14:02:50 | 000,001,825 | ---- | C] () -- C:\Users\romeoashe\.gtkrc-2.0

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/08/02 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\AnvSoft
[2011/09/25 11:34:05 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\AVG2012
[2012/11/03 00:10:56 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Azureus
[2011/01/17 19:28:51 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Big Fish Games
[2011/01/16 16:02:36 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Boomzap
[2010/02/11 21:14:50 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\CheckPoint
[2012/08/04 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Coby
[2012/08/04 14:45:30 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Coby Media Manager
[2011/07/29 20:16:48 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Command and Conquer 4
[2010/03/19 18:31:26 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\DAEMON Tools Pro
[2010/02/24 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\devede
[2010/06/22 22:54:36 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\EurekaLog
[2012/11/02 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\FreeBurner
[2011/01/16 15:08:52 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Ghost Ship Studios
[2012/07/22 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\gtk-2.0
[2010/02/24 16:08:15 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\ImgBurn
[2011/01/12 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\LolClient
[2012/05/23 15:54:39 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\LolClient2
[2012/03/24 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\MotioninJoy
[2012/02/23 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/06/28 01:35:05 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\My Games
[2012/11/02 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Nico Mak Computing
[2012/03/24 18:39:11 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Opera
[2011/01/20 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Orneon
[2010/06/24 14:41:30 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Philips
[2011/03/18 12:58:57 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Stardock
[2012/11/15 22:00:19 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\System
[2010/06/29 19:09:14 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\TP
[2010/06/28 01:34:11 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\uTorrent
[2010/02/11 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\Win7codecs
[2010/07/13 11:06:14 | 000,000,000 | ---D | M] -- C:\Users\romeoashe\AppData\Roaming\WinAVI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Firefox is still getting redirected. Also of note, it continually advises me that it is not my default browser (despite my attempts to make it contrary).

#11 OCD

OCD

    SuperMember

  • Malware Team
  • 4,970 posts

Posted 22 November 2012 - 07:15 AM

Hi Romeo,
  • Can you confirm that you are closing all browsers prior to running the CF script?
  • Also, reboot after running the CF script.
= = = = = = = = = = = = = = = = = = = =

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

KILLALL::

Firefox::
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com

File::
C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
C:\Users\romeoashe\Desktop\freecorder7-setup.exe

Folder::
c:\program files (x86)\freecordertoolbar
c:\program files (x86)\Freecorder extension

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"{095DE46B-2FF1-7C93-8A70-352BAEC12404}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\SearchScopes]
"{095DE46B-2FF1-7C93-8A70-352BAEC12404}"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

Next

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
In your next post please provide the following:
  • Answers to the questions presented
  • ComboFix.txt
  • JRT.txt
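As an added example (not part of this thread and not code from OTL or ComboFix), the following Python script shows where the Registry:: stanzas in the CFScript above come from. It parses the O2 (BHO) and O3 (toolbar) lines of an OTL report, flags BHOs whose DLL is reported as "File not found" and toolbar entries whose CLSID is not registered, and renders them in the key-delete (`[-KEY]`) and value-delete (`"{CLSID}"=-`) syntax used in the script. The sample input is taken from the OTL report posted earlier in the thread. The key paths for 64-bit BHOs and for an HKCU Toolbar entry without the WebBrowser subkey are assumptions by analogy, since the thread only shows the Wow6432Node BHO, HKLM Toolbar and HKCU Toolbar\WebBrowser forms; the SearchScopes entries in the script are not derived from O2/O3 lines and are not generated here.

```python
"""Turn orphaned OTL O2/O3 entries into ComboFix Registry:: stanzas (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: O2/O3 lines copied from the OTL report posted earlier in this thread.
SAMPLE_OTL = r"""
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
O2_RE = re.compile(r"^O2(?P<x64>:64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>" + GUID + r") - (?P<rest>.*)$")
O3_RE = re.compile(r"^O3 - (?P<hive>HKLM|HKCU)\\\.\.\\Toolbar(?P<wb>\\WebBrowser)?: \((?P<name>[^)]*)\) - (?P<id>\S+) - (?P<rest>.*)$")

# Key paths shown in the thread's CFScript; the 64-bit BHO path and the HKCU Toolbar path
# without \WebBrowser are assumptions by analogy (not shown in the thread).
BHO_KEY_WOW64 = r"HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects"
BHO_KEY_NATIVE = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"          # assumption
TOOLBAR_KEY = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar",  # assumption
}


@dataclass
class Finding:
    kind: str     # "bho" or "toolbar"
    mode: str     # "key": delete the whole key; "value": delete one value under key
    key: str      # registry key the stanza targets
    clsid: str
    name: str
    reason: str


def parse_otl(text: str) -> List[Finding]:
    """Return only the O2/O3 entries that point at nothing (missing DLL or unregistered CLSID)."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            # OTL prints the vendor in parentheses for a DLL it found; "File not found" means an orphan.
            if m.group("rest").endswith("File not found"):
                base = BHO_KEY_NATIVE if m.group("x64") else BHO_KEY_WOW64
                findings.append(Finding("bho", "key", base + "\\" + m.group("clsid"),
                                        m.group("clsid"), m.group("name"), "BHO DLL missing on disk"))
            continue
        m = O3_RE.match(line)
        if m and "No CLSID value found" in m.group("rest"):
            ident = m.group("id")
            if not re.fullmatch(GUID, ident):
                continue  # e.g. the bare "10" entry: not a CLSID, nothing to build a stanza from
            key = TOOLBAR_KEY[m.group("hive")] + (m.group("wb") or "")
            findings.append(Finding("toolbar", "value", key, ident, m.group("name"),
                                    "toolbar CLSID not registered"))
    return findings


def build_registry_section(findings: List[Finding]) -> str:
    """Render findings as a ComboFix Registry:: section, grouping value deletes by key."""
    lines = ["Registry::"]
    for f in findings:
        if f.mode == "key":
            lines.append("[-%s]" % f.key)
    by_key = {}
    for f in findings:
        if f.mode == "value":
            by_key.setdefault(f.key, []).append(f.clsid)
    for key, clsids in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % c for c in clsids)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_otl(SAMPLE_OTL)
    for f in found:
        print("%-8s %-45s %s" % (f.kind, f.clsid, f.reason))
    print(build_registry_section(found))
```

Run on the sample lines it reproduces the two `[-HKEY_LOCAL_MACHINE\Wow6432Node\~\...]` deletes and the two `"{...}"=-` value deletes from the script above, while the AVG and Skype BHOs, whose DLLs are present, are left untouched. Output like this is a starting point for the analyst to review, not something to drop onto ComboFix unread.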


#12 Romeo

Romeo

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 22 November 2012 - 07:05 PM

ComboFix 12-11-22.03 - romeoashe 11/22/2012 18:38:46.10.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2625 [GMT -6:00]
Running from: c:\users\romeoashe\Desktop\ComboFix.exe
Command switches used :: c:\users\romeoashe\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com"
"c:\users\romeoashe\Desktop\freecorder7-setup.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 00:44 . 2012-11-23 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-23 00:44 . 2012-11-23 00:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-23 00:44 . 2012-11-23 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 00:44 . 2012-11-23 00:44 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-22 06:34 . 2012-11-22 06:38 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Mumble
2012-11-22 06:33 . 2012-11-22 06:33 -------- d-----w- c:\program files (x86)\Mumble
2012-11-22 06:32 . 2012-11-22 06:32 -------- d-----w- C:\AI_RecycleBin
2012-11-18 03:19 . 2012-11-18 03:19 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-11-18 03:14 . 2012-11-22 06:33 -------- d-----w- c:\programdata\Tarma Installer
2012-11-18 03:14 . 2012-11-18 09:13 -------- d-----w- c:\users\romeoashe\AppData\Local\Stronghold_LLC
2012-11-18 03:14 . 2012-11-22 06:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-17 01:04 . 2012-11-17 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 00:07 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 21:38 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 21:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 21:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:59 . 2012-11-16 04:00 -------- d-----w- c:\users\romeoashe\AppData\Roaming\System
2012-11-03 18:56 . 2012-11-03 19:05 -------- d-----w- c:\users\romeoashe\Jamie
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Nico Mak Computing
2012-11-03 02:24 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:04 . 2010-02-12 09:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 18:06 . 2012-03-30 20:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 18:06 . 2011-05-16 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:02 . 2012-08-30 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-04 20:04 . 2011-06-10 01:30 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-10-06 17:54 . 2012-10-06 17:54 350208 ----a-w- c:\windows\system32\d3drm.dll
2012-09-14 19:19 . 2012-10-11 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-30 18:03 . 2012-10-11 00:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:10 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:10 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]
c:\program files (x86)\Freecorder extension\ScriptHost.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-08 117520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:06]
.
2012-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
mStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Funmoods
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p=
FF - ExtSQL: 2012-10-04 10:57; TorrentHandler@TorrentHandler.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\TorrentHandler@TorrentHandler.com.xpi
FF - ExtSQL: 2012-10-06 13:15; OneClickDownload@OneClickDownload.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\OneClickDownload@OneClickDownload.com
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074&q=
FF - user.js: extensions.funmoods.id - 00306715DAC7C61C
FF - user.js: extensions.funmoods.instlDay - 15666
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:30
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Freecorder 5.0 - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder extension - c:\program files (x86)\Freecorder extension\uninstall.exe
AddRemove-Freecorder extension for Chrome - c:\program files (x86)\Freecorder extension\UninstallChromeToolbar.exe
AddRemove-Freecorder extension for Firefox - c:\program files (x86)\Freecorder extension\UninstallFirefoxToolbar.exe
AddRemove-Freecorder4.02B - c:\windows\Freecorder\uninstall.exe
AddRemove-Freecorder5.05 - c:\program files (x86)\Freecorder\uninstall.exe
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\10\1f4┌"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgmfapx.exe
.
**************************************************************************
.
Completion time: 2012-11-22 18:48:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 00:48
ComboFix2.txt 2012-11-22 01:00
ComboFix3.txt 2012-11-19 08:01
ComboFix4.txt 2012-11-18 09:35
ComboFix5.txt 2012-11-23 00:37
.
Pre-Run: 232,678,969,344 bytes free
Post-Run: 232,250,658,816 bytes free
.
- - End Of File - - 1259A6E5818A5DF234BDE3494084F9A1

And the JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.7 (11.22.2012)
OS: Windows 7 Ultimate x64
Ran by romeoashe on Thu 11/22/2012 at 18:51:33.92
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3282714526-1420211796-1606457181-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\esrv.funmoodsesrvc"
Successfully deleted: [Registry Key] "hkey_classes_root\esrv.funmoodsesrvc.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\esrv.exe"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{75a4d144-506d-4be5-81db-ec7da1e7f840}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7971660-a1ce-4fdd-b9e0-2c37d77afb0b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7971660-a1ce-4fdd-b9e0-2c37d77afb0b}



~~~ Files

Successfully deleted: [File] "C:\Users\romeoashe\appdata\local\funmoods.crx"
Successfully deleted: [File] "C:\Users\romeoashe\appdata\local\funmoods-speeddial_sf.crx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\romeoashe\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\winzip registry optimizer"



~~~ FireFox

Successfully deleted: [File] C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\user.js
Successfully deleted: [Folder] C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
Successfully deleted: [Folder] C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\oneclickdownload@oneclickdownload.com
Successfully deleted: [Folder] C:\Users\romeoashe\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\searchplugins\funmoods.xml
Successfully deleted: [File] C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\fgqopuuudj@fgqopuuudj.org.xpi [Tracur]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\romeoashe\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Folder] C:\Users\romeoashe\appdata\local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Successfully deleted: [Folder] C:\Users\romeoashe\appdata\local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\hphibigbodkkohoglgfkddblldpfohjl
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/22/2012 at 18:55:00.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
I can confirm I took the following measures. Wait for Windows to boot. Open Firefox. Direct browser to this post. Close Firefox. Temporarily disable AVG Antivirus. Drag CFScript.txt to Combofix icon on desktop. Complete scan. Reboot. Realize I'd forgotten to download the Junkware Removal Tool. Utter curse words (in my head because my children are around.) Open Firefox. Direct browser to this post. Download Junkware Removal Tool. Close Firefox. Since I'm not sure if AVG will also interfere with JRT.exe, temporarily disable AVG Antivirus again. Run JRT.exe. Open Firefox. Direct browser to this post. Post logs.

#13 OCD

OCD

    SuperMember

  • Malware Team
  • 4,970 posts

Posted 23 November 2012 - 09:46 AM

Hi Romeo,

Click Start > Control Panel > Programs and Features. Locate and select whichever of the following are present on the list and click the Remove button:
  • Freecorder Toolbar
  • Freecorder Toolbar Application
Next

To uninstall from Firefox:
  • Open the browser and select Tools from the menu.
  • Select Add-ons.
  • Select the Extensions tab.
  • Find your toolbar (Freecorder Toolbar) and select Uninstall
Next

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs (firewall included) so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Firefox::
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.search.selectedEngine - Funmoods
FF - ExtSQL: 2012-11-17 21:15; addon@freecorder.com; c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\addon@freecorder.com
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=aln&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtAtDyCyBtCyD0D0A0CyB0CyCtC0CtN0D0Tzu0CtAtByCtN1L2Xzut
BtFtBtFtDtFtAyEyE&cr=1023681074&q=
FF - user.js: extensions.funmoods.id - 00306715DAC7C61C
FF - user.js: extensions.funmoods.instlDay - 15666
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.220:30
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

Folder::
c:\program files (x86)\freecordertoolbar
c:\program files (x86)\Freecorder extension

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}]

Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image


Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, please post the C:\ComboFix.txt for further review.

Next

Adobe Reader: Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system.
  • Select your language > Select Reader 11.0 English for Windows
  • Remove the check mark from the box "Free! McAfee Security Scan Plus"
  • Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

Next
  • Check to see if you have the current version of Java (Version 7 Update 9) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
Next

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users: right-click the icon and select "Run as Administrator" to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
Next

Please locate this file, and include it in your next reply.
C:\QooBox\Add-Remove Programs.txt

In your next post please provide the following:
  • ComboFix.txt
  • OTL.txt
  • Add-Remove Programs.txt log
  • Are you still being redirected in FF? Any remaining issues?
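
The "Firefox::" section of the CFScript above lists what a search hijacker leaves in a Firefox profile: a user.js full of extensions.funmoods.* prefs that force the homepage, new-tab page and default search engine to a third-party search site, plus Firefox's own search prefs pointed at it. The script below is an added example, not code from this thread, from ComboFix or from JRT: a read-only check that parses user.js / prefs.js text and reports those indicators, so a helper can see the culprit extension and destination host before asking for a removal script. The sample user.js is constructed from the pref names shown in the log (URLs un-defanged from hxxp to http, values shortened); the function names, the pref lists and the rule that browser.* search prefs are only suspicious when they come from user.js (which is re-applied on every start and overrides the UI) are this example's own assumptions.

```python
"""Read-only check of Firefox user.js / prefs.js text for search-hijack settings.

Added example (not from the forum thread, ComboFix or JRT).  The sample
inputs are constructed from the extensions.funmoods.* pref names in the
log above; pref lists and the user.js-vs-prefs.js rule are assumptions.
"""
import re
from urllib.parse import urlparse

# Firefox's own homepage/search prefs.  In prefs.js these are normal (set via
# the UI); in user.js they are re-applied on every start and silently override
# whatever the user chooses, which is the classic hijack pattern.  (Assumed list.)
BROWSER_KEYS = {
    "browser.startup.homepage",
    "browser.search.selectedEngine",
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.newtab.url",
}

# Extension-side boolean switches seen in the log that mean "take over X".
OVERRIDE_FLAGS = {"hmpg", "dfltSrch", "newTab"}

# user_pref("name", value);  is the only statement form in user.js / prefs.js.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);$')
EXT_RE = re.compile(r"extensions\.([^.]+)\.(\w+)$")


def parse_user_js(text):
    """Return {pref_name: value-as-string} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def find_hijack_indicators(prefs, source="user.js"):
    """Return (kind, pref_name, detail) tuples; `source` names the file the prefs came from."""
    findings = []
    for key, value in prefs.items():
        if key in BROWSER_KEYS:
            if source == "user.js":  # forced on every start: suspicious
                findings.append(("browser-pref-forced", key, value))
            continue
        m = EXT_RE.match(key)
        if not m:
            continue
        ext, leaf = m.groups()
        if leaf in OVERRIDE_FLAGS and value == "true":
            findings.append(("extension-override-flag", key, ext))
        elif value.startswith(("http://", "https://")):
            host = urlparse(value).hostname or ""
            findings.append(("extension-url-override", key, host))
    return findings


def summarize(findings):
    """Group findings so the culprit extension(s) and destination host(s) stand out."""
    return {
        "extensions": sorted({d for k, _, d in findings if k == "extension-override-flag"}),
        "hosts": sorted({d for k, _, d in findings if k == "extension-url-override"}),
        "forced_prefs": sorted(p for k, p, _ in findings if k == "browser-pref-forced"),
    }


def scan_text(text, source="user.js"):
    """Parse, scan and summarize in one call."""
    return summarize(find_hijack_indicators(parse_user_js(text), source))


# Constructed sample: a hijacked profile's user.js, using the pref names from
# the log above (values shortened).
SAMPLE_USER_JS = """\
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=aln");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=aln");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=aln&q=");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("browser.search.selectedEngine", "Funmoods");
user_pref("keyword.URL", "http://search.yahoo.com/search?fr=greentree_ff1&type=994519&p=");
"""

# Constructed sample: the same kind of prefs in prefs.js, set through the UI,
# which must not be reported.
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "https://www.yahoo.com/");
user_pref("browser.search.selectedEngine", "Yahoo");
"""


if __name__ == "__main__":
    print("user.js :", scan_text(SAMPLE_USER_JS, "user.js"))
    print("prefs.js:", scan_text(SAMPLE_PREFS_JS, "prefs.js"))
```

Run against a real profile by reading the user.js and prefs.js files under the profile folder (the path appears in the ComboFix log as "FF - ProfilePath") and passing each to scan_text with the matching source name; the check only reads, so it is safe to run before any cleanup and again afterwards to confirm the entries are gone.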


#14 Romeo

Romeo

    Authentic Member

  • Authentic Member
  • PipPip
  • 61 posts

Posted 23 November 2012 - 06:12 PM

ComboFix 12-11-23.02 - romeoashe 11/23/2012 14:25:46.11.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2964 [GMT -6:00]
Running from: c:\users\romeoashe\Desktop\ComboFix.exe
Command switches used :: c:\users\romeoashe\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 20:30 . 2012-11-23 20:30 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-23 20:30 . 2012-11-23 20:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-23 20:30 . 2012-11-23 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 20:30 . 2012-11-23 20:30 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-11-23 00:51 . 2012-11-23 00:51 -------- d-----w- c:\windows\ERUNT
2012-11-23 00:51 . 2012-11-23 00:51 -------- d-----w- C:\JRT
2012-11-22 06:34 . 2012-11-22 06:38 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Mumble
2012-11-22 06:33 . 2012-11-22 06:33 -------- d-----w- c:\program files (x86)\Mumble
2012-11-22 06:32 . 2012-11-22 06:32 -------- d-----w- C:\AI_RecycleBin
2012-11-18 03:19 . 2012-11-23 20:20 -------- d-----w- c:\program files (x86)\Applian Technologies
2012-11-18 03:14 . 2012-11-18 09:13 -------- d-----w- c:\users\romeoashe\AppData\Local\Stronghold_LLC
2012-11-18 03:14 . 2012-11-22 06:32 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-11-17 01:04 . 2012-11-17 04:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-17 00:07 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 21:38 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 21:38 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 21:38 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 03:59 . 2012-11-16 04:00 -------- d-----w- c:\users\romeoashe\AppData\Roaming\System
2012-11-03 18:56 . 2012-11-03 19:05 -------- d-----w- c:\users\romeoashe\Jamie
2012-11-03 02:24 . 2012-11-03 02:54 -------- d-----w- c:\users\romeoashe\AppData\Roaming\Nico Mak Computing
2012-11-03 02:24 . 2011-11-10 15:33 18760 ----a-w- c:\windows\system32\roboot64.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 00:04 . 2010-02-12 09:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-14 18:06 . 2012-03-30 20:32 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 18:06 . 2011-05-16 13:56 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-09 02:02 . 2012-08-30 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-04 20:04 . 2011-06-10 01:30 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-10-06 17:54 . 2012-10-06 17:54 350208 ----a-w- c:\windows\system32\d3drm.dll
2012-09-14 19:19 . 2012-10-11 00:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-11 00:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-30 18:03 . 2012-10-11 00:10 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-11 00:10 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-11 00:10 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-04 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-27 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-08 117520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:06]
.
2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
- c:\users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 02:20]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 17:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
mStart Page = hxxp://search.yahoo.com?type=994519&fr=spigot-yhp-ie
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
FF - ProfilePath - c:\users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\06\18\10\1f4┌"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-23 14:31:25
ComboFix-quarantined-files.txt 2012-11-23 20:31
ComboFix2.txt 2012-11-23 00:48
ComboFix3.txt 2012-11-22 01:00
ComboFix4.txt 2012-11-19 08:01
ComboFix5.txt 2012-11-23 20:24
.
Pre-Run: 231,547,088,896 bytes free
Post-Run: 231,480,750,080 bytes free
.
- - End Of File - - 6809A95E493E06F2ABFC1DE3D5A563AA

And the OTL logfile:

OTL logfile created on: 11/23/2012 2:42:02 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\romeoashe\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.81% Memory free
8.00 Gb Paging File | 6.61 Gb Available in Paging File | 82.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 215.29 Gb Free Space | 30.82% Space Free | Partition Type: NTFS
Drive E: | 650.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 575.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROMEO-PC | User Name: romeoashe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\romeoashe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDockFree\DockShellHook.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nosGetPlusHelper) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...p;cr=1023681074
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{095DE46B-2FF1-7C93-8A70-352BAEC12404}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 4B 68 94 D8 63 CD 01 [binary data]
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{095DE46B-2FF1-7C93-8A70-352BAEC12404}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKCU\..\SearchScopes\{0D6CBECC-85EF-4BD6-BD4B-55B9C200E869}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\romeoashe\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 16:52:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/24 18:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/23 14:41:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/27 14:22:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/23 14:41:27 | 000,000,000 | ---D | M]

[2012/11/22 18:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Extensions
[2012/11/23 14:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions
[2011/02/24 16:15:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/05/12 17:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\extensions\nostmp
[2012/11/22 18:55:42 | 000,001,234 | ---- | M] () -- C:\Users\romeoashe\AppData\Roaming\Mozilla\Firefox\Profiles\yulrg7ko.default\searchplugins\search-the-web.xml
[2012/10/27 14:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 14:22:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/27 14:22:21 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 12:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/30 21:19:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 01:48:31 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = http://searchfunmood...p;cr=1023681074
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - homepage: {_signature:bj+nNbgQFf4tLmbXAkjB7L1LmLpobQkiI0LCKZPP1tI=,_version:3,browser:{sho
w_home_button:false},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,cjpglkicen
ollcignonpgiafdgfeehoj,fdloijijlkoblmigdofommgnheckmaki,jmfkcklnlgedgbglfkkgedjfm
ejoahla,jpnbdefcbnoefmmcpelplabbkfmfhlho,lifbcibllhkdhoafpjfnlhfpfgnpldfl,ndibdjn
fmopecpmkdieinmbadjfpblof,nneajnkjbffgblleaoojgaacokifdkhm]},homepage:http://www.google.com/favicon.ico
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch

O1 HOSTS File: ([2012/11/22 18:45:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\romeoashe\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\romeoashe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.180.42.68 208.180.42.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3735079-E34F-4129-92E3-5A3A7E1A1394}: DhcpNameServer = 208.180.42.68 208.180.42.100
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/19 08:47:13 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:13 | 000,000,715 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:24 | 000,467,456 | R--- | M] (Obsidian Entertainment, Inc.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/19 08:47:24 | 000,000,715 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/23 14:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/11/23 14:41:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/23 14:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/23 14:38:01 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/23 14:38:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/23 14:37:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/23 14:37:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/23 14:37:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/23 14:33:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/23 14:31:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/22 18:51:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/11/22 18:51:26 | 000,000,000 | ---D | C] -- C:\JRT
[2012/11/22 18:37:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/22 00:34:27 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Roaming\Mumble
[2012/11/22 00:33:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2012/11/22 00:33:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2012/11/22 00:32:00 | 000,000,000 | ---D | C] -- C:\AI_RecycleBin
[2012/11/18 03:14:41 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\romeoashe\Desktop\ComboFix.exe
[2012/11/17 21:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Applian Technologies
[2012/11/17 21:14:26 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Local\Stronghold_LLC
[2012/11/17 21:14:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/11/17 12:04:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\romeoashe\Desktop\aswMBR.exe
[2012/11/17 12:04:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\romeoashe\Desktop\OTL.exe
[2012/11/16 19:04:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/16 18:08:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/16 18:08:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/16 18:08:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/16 18:08:15 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/16 18:08:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/16 18:08:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/16 18:08:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/16 18:08:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/16 18:08:14 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/16 18:08:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/16 18:08:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/16 18:08:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/16 18:08:11 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/16 18:08:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/16 18:08:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/16 15:38:20 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 15:38:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/15 21:59:54 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Roaming\System
[2012/11/03 12:56:23 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\Jamie
[2012/11/02 20:24:24 | 000,000,000 | ---D | C] -- C:\Users\romeoashe\AppData\Roaming\Nico Mak Computing
[2012/11/02 20:24:21 | 000,018,760 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\Windows\SysNative\roboot64.exe
[2012/10/27 14:22:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 14:41:27 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/23 14:40:51 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:40:51 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 14:38:28 | 009,124,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 14:38:28 | 002,989,776 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/23 14:38:28 | 000,004,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 14:37:34 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/23 14:37:33 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/23 14:37:33 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/23 14:37:33 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/23 14:37:32 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/11/23 14:37:32 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/23 14:33:42 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 14:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 14:33:37 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 14:24:30 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\romeoashe\Desktop\ComboFix.exe
[2012/11/23 09:25:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000UA.job
[2012/11/23 09:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 08:57:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 07:47:09 | 101,000,777 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/11/22 21:25:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3282714526-1420211796-1606457181-1000Core.job
[2012/11/22 18:50:52 | 000,897,780 | ---- | M] () -- C:\Users\romeoashe\Desktop\JRT.exe
[2012/11/22 18:45:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/22 00:37:25 | 000,002,378 | ---- | M] () -- C:\Users\romeoashe\Documents\MumbleAutomaticCertificateBackup.p12
[2012/11/22 00:33:23 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/11/20 17:34:26 | 000,487,294 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/11/17 12:05:17 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\romeoashe\Desktop\aswMBR.exe
[2012/11/17 12:04:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\romeoashe\Desktop\OTL.exe
[2012/11/17 12:04:28 | 000,541,569 | ---- | M] () -- C:\Users\romeoashe\Desktop\adwcleaner.exe
[2012/11/17 12:01:26 | 451,040,138 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/16 21:01:43 | 000,002,939 | ---- | M] () -- C:\scu.dat
[2012/11/16 19:52:26 | 000,275,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 18:06:51 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/11/14 12:19:37 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/11/14 12:13:01 | 000,001,032 | ---- | M] () -- C:\Users\Public\Desktop\WinUtilities.lnk
[2012/11/14 12:12:16 | 000,000,047 | ---- | M] () -- C:\Windows\SysWow64\_WKERNEL.FRE
[2012/11/14 12:06:33 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/14 12:06:33 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/08 20:02:35 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/04 14:04:51 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/11/02 20:23:46 | 000,001,852 | ---- | M] () -- C:\Users\romeoashe\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/11/02 20:23:46 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/23 14:41:27 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/23 14:41:27 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/11/22 18:50:51 | 000,897,780 | ---- | C] () -- C:\Users\romeoashe\Desktop\JRT.exe
[2012/11/22 00:37:25 | 000,002,378 | ---- | C] () -- C:\Users\romeoashe\Documents\MumbleAutomaticCertificateBackup.p12
[2012/11/22 00:33:23 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/11/17 12:04:27 | 000,541,569 | ---- | C] () -- C:\Users\romeoashe\Desktop\adwcleaner.exe
[2012/11/17 12:01:26 | 451,040,138 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/16 20:35:20 | 000,002,939 | ---- | C] () -- C:\scu.dat
[2012/11/16 18:06:51 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/11/14 12:15:17 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\_WKERNEL.SYL
[2012/07/22 16:38:27 | 000,000,218 | ---- | C] () -- C:\Users\romeoashe\.recently-used.xbel
[2012/07/16 22:57:02 | 000,027,520 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\dt.dat
[2012/07/15 11:15:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/15 11:15:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/15 11:15:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/15 11:15:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/15 11:15:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/24 20:25:11 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/10 22:29:34 | 000,000,656 | ---- | C] () -- C:\Users\romeoashe\Romeo.lnk
[2011/10/29 12:00:11 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/10/29 11:47:56 | 000,003,584 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/07 21:14:26 | 000,109,784 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/06/22 17:21:46 | 000,007,616 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\resmon.resmoncfg
[2011/06/09 19:30:30 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/18 12:51:18 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/12/20 20:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/06/24 13:41:11 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/01 05:21:51 | 000,000,000 | ---- | C] () -- C:\Users\romeoashe\AppData\Local\prvlcl.dat
[2010/02/24 14:02:50 | 000,001,825 | ---- | C] () -- C:\Users\romeoashe\.gtkrc-2.0

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:AECF4772
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9BAC4211
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

And the final requested item:


1ClickDownloader
7-Zip 4.65
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Any Video Converter 3.0.7
Apple Application Support
Apple Software Update
ATI Catalyst Registration
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Coby Media Manager
DeVeDe
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DOSBox 0.73 Installer
Facebook Messenger 2.1.4651.0
File Type Assistant
Free Easy Burner V 5.0
gBurner
Google Chrome
Google Earth
Google Update Helper
Guild Wars 2
ImgBurn
InstaCodecs
Java Auto Updater
Java™ 6 Update 29
League of Legends
Magic Workstation 0.94f
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Matrix-ks
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft Office Click-to-Run 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MTG Card Images for Magic Workstation
MTG GamePack for Magic Workstation
Mumble 1.2.3
Neverwinter Nights 2
NVIDIA PhysX
ObjectDock Free
Pando Media Booster
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
Planescape - Torment
Premiumplay Codec-C
Project64 1.6
Quest for Glory II
Quest for Glory IV: Shadows of Darkness
Quest for Glory V: Dragon Fire
QuickTime
Realtek High Definition Audio Driver
Sid Meier's Civilization 4 - Warlords
Sierra Utilities
Skype Click to Call
Skype™ 5.10
SpeedFan (remove only)
Star Wars® Knights of the Old Republic® II: The Sith Lords™
The Battle for Middle-earth ™ II
The Lord of the Rings FREE Trial
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Veoh Web Player
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 9.0 CRT (x86) WinSXS MSM
Visual C++ 9.0 OpenMP (x86) WinSXS MSM
Visual Studio 2008 x64 Redistributables
Vuze
Vuze Remote Toolbar v6.5
Warcraft III
Warcraft III: All Products
Win7codecs
Winamp
Winamp Detector Plug-in
Windows 7 USB/DVD Download Tool
WinRAR archiver
WinUtilities 10.53 Free Edition
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update

#15 Romeo

Romeo

    Authentic Member

  • Authentic Member
  • 61 posts

Posted 23 November 2012 - 06:14 PM

My browser is no longer being redirected. I really appreciate your assistance with this problem OCD. Thanks a million :)
