Help needed.

Old 07-27-2012, 09:46 AM   #1
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



I have a BSOD problem and I don't have access to the installation disks. Here's what's been going on so far: https://www.techsupportforum.com/foru...ed-657528.html
Attached Files
File Type: rar Minidump.rar (307.1 KB, 48 views)
File Type: rar REPORTS.rar (14.4 KB, 44 views)
IneedYourHelp7 is offline  
Old 07-30-2012, 09:22 AM   #2
BUMP, please
IneedYourHelp7 is offline  
Old 07-30-2012, 11:09 AM   #3
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



As tetonbob explained and posted to you in your other thread here --> https://www.techsupportforum.com/foru...ml#post3822472

Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Also, as noted in those first steps...

Quote:
... should be zipped/archived using Windows onboard zip utility before attaching to the post (Please do not use Winrar - it is not available as a free utility for our Security Team members)

Thanks. :)
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 07-30-2012, 11:38 AM   #4
OK, I followed instructions. Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by NO lag at 10:49:18 on 2012-07-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.994 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\NO lag\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
uURLSearchHooks: N/A: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\albert\appdata\roaming\complitly\Complitly.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {48909954-14fb-4971-a7b3-47e7af10b38a} - c:\progra~1\radior~2\bar\1.bin\4jbar.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.613.0\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {652853ad-5592-4231-88c6-706613a52e61} - No File
TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} - c:\program files\radiorage_4j\bar\1.bin\4jbar.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MediaFire Tray] "c:\users\no lag\appdata\local\mediafire express\mf_systray.exe" --boot-start
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRun: [Windows Update Server] c:\users\no lag\34957c8d-5016.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RadioRage Search Scope Monitor] "c:\progra~1\radior~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
mRun: [RadioRage_4j Browser Plugin Loader] c:\progra~1\radior~2\bar\1.bin\4jbrmon.exe
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mExplorerRun: [Policies] c:\windows\windir\Svchost.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{38CCEE28-0C6A-434A-B1AA-47BD10C1F25F} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {078RBO32-N12S-XJ54-W1V5-75I616S1E40V} - c:\windows\windir\Svchost.exe
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\no lag\appdata\roaming\mozilla\firefox\profiles\sxtsxoso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-customfirefoxright-chromesbox-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-customfirefoxright-ab-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012&query=
FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\radiorage_4j\bar\1.bin\NP4jStub.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\no lag\appdata\roaming\mozilla\firefox\profiles\sxtsxoso.default\extensions\[email protected]\plugins\npBP4FUpdater.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmmaud.dll
FF - plugin: c:\windows\system32\npmmprog.dll
FF - plugin: c:\windows\system32\npmmvid.dll
FF - plugin: c:\windows\system32\npmmzip.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - ad77b954-7673-4b75-addb-6620d8dadc61
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-15 15672]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-5-26 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-5-26 744568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-11 239168]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-11-3 25232]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-7 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-7 314456]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120713.001\IDSvix86.sys [2012-7-13 382624]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-5-26 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502010.003\symnets.sys [2012-5-26 299640]
S2 0042421343401505mcinstcleanup;McAfee Application Installer Cleanup (0042421343401505);c:\users\nolag~1\appdata\local\temp\004242~1.exe -cleanup -nolog --> c:\users\nolag~1\appdata\local\temp\004242~1.EXE -cleanup -nolog [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-23 497496]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-7 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-7 55128]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-26 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-6-13 66160]
S2 McShield;McAfee McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-26 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-21 2348352]
S2 RadioRage_4jService;RadioRageService;c:\progra~1\radior~2\bar\1.bin\4jbarsvc.exe [2011-10-22 42504]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2011-9-30 234304]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-2 2673064]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2012-2-1 203776]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 AtiDCM;AtiDCM;c:\users\no lag\appdata\local\temp\atidcmxx.sys [2012-7-24 23312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.207\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-9-7 25088]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-9 1343400]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2011-11-18 677984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 Replication Engine;Replication Engine;c:\program files\microsoft\replication engine\ReplicationEngineWindowsService.exe [2008-8-15 18992]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-07-27 15:05:00 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{06c6fbe8-225d-4455-b5ab-c5cc2b54c67c}\offreg.dll
2012-07-26 23:14:41 -------- d-----w- c:\users\no lag\appdata\local\ElevatedDiagnostics
2012-07-26 20:01:33 -------- d-----w- c:\users\no lag\appdata\roaming\SUPERAntiSpyware.com
2012-07-26 20:01:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 20:01:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 14:39:59 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-07-26 14:39:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-26 14:39:07 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-07-26 14:38:53 -------- d-----w- c:\program files\Application Verifier
2012-07-26 01:13:24 81920 --sh--w- c:\users\no lag\34957c8d-5016.exe
2012-07-26 01:08:44 81920 --sh--w- c:\users\no lag\13810c08-5016.exe
2012-07-26 01:04:44 81920 --sh--w- c:\users\no lag\2242bdd0-5016.exe
2012-07-26 01:04:29 81920 --sh--w- c:\users\no lag\173d03f4-5016.exe
2012-07-25 07:47:54 -------- d-----w- c:\users\no lag\appdata\roaming\RealNetworks
2012-07-25 07:28:26 -------- d-----w- c:\programdata\RealNetworks
2012-07-25 04:47:36 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-07-25 04:41:03 -------- d-----w- C:\SWTOOLS
2012-07-24 22:05:12 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-24 22:00:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-24 21:31:47 -------- d-----w- c:\users\no lag\appdata\roaming\Uniblue
2012-07-24 19:37:25 -------- d-----w- c:\program files\MagicISO
2012-07-24 18:59:08 -------- d-----w- c:\users\no lag\appdata\local\uTorrent
2012-07-24 18:01:07 -------- d-----w- c:\users\no lag\appdata\roaming\PowerISO
2012-07-24 17:56:07 -------- d-----w- c:\program files\PowerISO
2012-07-24 17:25:32 -------- d-----w- c:\users\no lag\appdata\local\Lenovo
2012-07-24 17:12:21 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-24 17:12:21 -------- d-----w- c:\windows\system32\sda
2012-07-24 17:12:17 -------- d-----w- c:\program files\Realtek
2012-07-24 17:08:18 -------- d-----w- c:\program files\Lenovo
2012-07-24 17:08:14 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-07-24 17:08:14 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-07-24 17:08:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-07-24 17:08:14 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-07-24 17:08:14 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-07-24 17:08:14 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-07-24 17:08:14 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-07-24 17:08:14 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-07-24 17:07:41 -------- d-----w- c:\windows\system32\Hauppauge
2012-07-24 17:07:41 -------- d-----w- c:\program files\WinTV
2012-07-24 17:07:36 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2012-07-24 17:07:36 36921 ------w- c:\windows\system32\hcwutl32_priv.dll
2012-07-24 17:07:36 274488 ----a-w- c:\windows\system32\hcwpnp32.dll
2012-07-24 17:07:36 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2012-07-24 17:06:04 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2012-07-24 17:06:04 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2012-07-24 17:06:01 -------- d-----w- c:\program files\Vimicro Corporation
2012-07-24 17:04:28 -------- d-----w- C:\Drivers
2012-07-24 17:03:12 -------- d-----w- C:\LENOVOTOOLS
2012-07-24 14:44:25 -------- d--h--w- C:\$WINDOWS.~BT
2012-07-23 21:45:46 -------- d-----w- c:\users\no lag\appdata\roaming\SpeedyPC Software
2012-07-23 21:45:46 -------- d-----w- c:\users\no lag\appdata\roaming\DriverCure
2012-07-23 21:45:39 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-07-23 21:45:37 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 17:42:54 -------- d-----w- C:\3bd24e8949beeb89ecf04c8c
2012-07-23 17:41:19 -------- d-----w- C:\3fded4bb7a12cd6301373f41962ee767
2012-07-23 17:40:11 -------- d-----w- C:\e8532e93756c265cb2
2012-07-22 15:22:00 -------- d-----w- c:\windows\ehome
2012-07-22 11:57:24 -------- d-----w- c:\users\no lag\appdata\roaming\Tific
2012-07-22 11:57:11 -------- d-----w- c:\users\no lag\appdata\local\Symantec
2012-07-19 09:38:52 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-12 23:11:33 -------- d-----w- c:\users\no lag\appdata\local\WMTools Downloaded Files
2012-07-10 06:31:43 -------- d--h--w- c:\program files\Temp
2012-07-10 02:31:20 -------- d-----w- c:\program files\common files\Steam
2012-07-10 02:30:56 -------- d-----w- c:\program files\Steam
2012-07-06 18:08:28 -------- d-----w- c:\users\no lag\temp
2012-07-05 18:20:05 -------- d-----w- c:\users\no lag\appdata\local\Microsoft Games
2012-07-05 01:27:29 -------- d-----w- c:\users\no lag\appdata\local\Google
2012-07-05 01:23:58 -------- d-----w- c:\programdata\WEBZEN
.
==================== Find3M ====================
.
2012-07-12 02:04:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 02:04:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 21:58:31 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-29 15:30:33 3993600 ----a-w- c:\program files\GUTD5E1.tmp
2011-09-02 19:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
2006-07-27 00:02:53 77112 --sha-r- c:\windows\windir\Svchost.exe
.
============= FINISH: 10:49:32.98 ===============
Attached Files
File Type: txt DDS.txt (25.6 KB, 51 views)
File Type: zip Attach.zip (6.7 KB, 54 views)
IneedYourHelp7 is offline  
Old 07-30-2012, 11:55 AM   #5
Thanks. :)

Before we attempt running any cleaning tools, you need to get rid of some of your protection programs. You have way too many and no doubt they are conflicting with one another and causing some of your problems. It is never a good idea to have more than 1 AV installed at a given time. Even if you have it disabled, it still has services and drivers running in the background.

Click Start>Control Panel>Programs and Features and see if you can uninstall the following while in Safe Mode:

McAfee Security Scan Plus
Norton Security Suite
StartNow Toolbar
SUPERAntiSpyware <--you already have Advanced SystemCare 5 and active anti malware protection provided by Comcast. This is too many

=====================================

I'd also like to gather a bit more information based on what I see in your dds.txt

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. Select Yes if prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
Ried is offline  
Old 07-30-2012, 12:16 PM   #6
I don't really think ASC works because I get the same errors every time I scan and fix. I was asked to get SUPERAntiSpyware from loda117. Norton is my only antivirus right now, and SUPERAntiSpyware; do I still delete both of them? I deleted McAfee. Norton Security Suite is the security provided by Comcast. And I already uninstalled Avast, so do I reinstall it again?
Attached Files
File Type: zip MBR.zip (1.4 KB, 47 views)
IneedYourHelp7 is offline  
Old 07-30-2012, 02:20 PM   #7
This is getting messy now. Look at your dds.txt - as far as Windows is concerned, you have Avast.

Quote:
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

There are Avast services still in the log and Avast is still slated to run at startup.

Quote:
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

Since Norton is provided by Comcast, keep it.

You still need a clean uninstall of Avast. Follow the instructions here for downloading and running Avast Uninstaller --> avast! Uninstall Utility | Download aswClear for avast! Removal

==============================

After you've done that, please run a new scan with dds.scr and post only the dds.txt for now. Don't attach logs unless requested - it's much easier for me to see everything in front of me in this thread.
Ried is offline  
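The cross-check made by eye in the two replies above (overlapping protection products; Avast still registered with Windows, still in the Run key and still present as services), written out as an added example that is not part of the original thread and not part of DDS. The sample lines are copied from the DDS log posted earlier in this thread; the vendor patterns, section labels and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt copied from the DDS log posted earlier in this thread, trimmed so the
# example runs offline. Nothing here is read from a live system.
SAMPLE_DDS = r"""
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-7 435032]
S2 avast! Antivirus;avast! Antivirus;"c:\program files\avast software\avast\avastsvc.exe" --> c:\program files\avast software\avast\AvastSvc.exe [?]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-26 130008]
S2 McShield;McAfee McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
"""

# One pattern per DDS line type handled here. The "label" group is the short
# identifier reported back (section names are this example's own).
LINE_TYPES = {
    # "AV:/SP:/FW: <product> *<state>* {GUID}" header lines
    "security_center": re.compile(
        r"^(?P<label>(?:AV|SP|FW): .+?) \*[^*]+\* \{[0-9A-Fa-f-]+\}$"),
    # "uRun:/mRun: [value name] command line"
    "autorun": re.compile(r"^(?P<label>[um]Run: \[[^\]]*\])"),
    # "BHO:/TB: <name>: {CLSID} - <dll>"
    "browser_addon": re.compile(r"^(?P<label>(?:BHO|TB): [^{]*?):? ?\{"),
    # "<R|S><0-4> <key>;<display name>;<path> [...]"
    "service_or_driver": re.compile(r"^(?P<label>[RS][0-4] [^;]+);"),
}

# Assumed vendor patterns, built from names visible in the log above.
# The asw*.sys driver prefix for Avast is an assumption of this example.
VENDORS = {
    "Avast": re.compile(r"avast|\basw\w+\.sys", re.I),
    "Norton/Symantec": re.compile(r"norton|symantec", re.I),
    "McAfee": re.compile(r"mcafee", re.I),
}


def classify(line):
    """Return (section, label) for a DDS line type we recognise, else None."""
    for section, rx in LINE_TYPES.items():
        m = rx.match(line)
        if m:
            return section, m.group("label")
    return None


def audit(log_text, vendors=VENDORS):
    """Map each vendor to the log sections that still reference it."""
    found = {name: defaultdict(list) for name in vendors}
    for raw in log_text.splitlines():
        line = raw.strip()
        hit = classify(line)
        if hit is None:
            continue  # process list, separators, file listings, etc.
        section, label = hit
        for name, rx in vendors.items():
            if rx.search(line):
                found[name][section].append(label)
    return {name: dict(sections) for name, sections in found.items()}


def overlapping_products(report):
    """Vendors that still have a service/driver or autorun entry in the log."""
    loads_at_start = {"service_or_driver", "autorun"}
    return sorted(v for v, secs in report.items() if loads_at_start & secs.keys())


if __name__ == "__main__":
    report = audit(SAMPLE_DDS)
    for vendor, sections in report.items():
        print(vendor)
        for section, labels in sections.items():
            print(f"  {section}: {', '.join(labels)}")
    print("Still loading at boot/logon:", ", ".join(overlapping_products(report)))
```

A product that has been uninstalled cleanly should produce no entries in any section; Avast here still shows up in all four.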
Old 07-30-2012, 03:04 PM   #8
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by NO lag at 16:56:32 on 2012-07-30
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2089 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
uURLSearchHooks: N/A: {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: TBLayoutBHO Class: {008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\albert\appdata\roaming\complitly\Complitly.dll
BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Toolbar BHO: {48909954-14fb-4971-a7b3-47e7af10b38a} - c:\progra~1\radior~2\bar\1.bin\4jbar.dll
BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
BHO: Search Assistant BHO: {5848763c-2668-44ca-adbe-2999a6ee2858} - c:\program files\radiorage_4j\bar\1.bin\4jSrcAs.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.1.3\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\programdata\white sky, inc\id vault\iebho1.1.613.0\NativeBHO.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: AlxHelper Class: {f443a627-5009-4323-9c1d-7fd598d0d712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: {338B4DFE-2E2C-4338-9E41-E176D497299E} - No File
TB: {652853ad-5592-4231-88c6-706613a52e61} - No File
TB: RadioRage: {78ba36c9-6036-482b-b48d-ecca6f964b84} - c:\program files\radiorage_4j\bar\1.bin\4jbar.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
TB: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.1.3\coIEPlg.dll
TB: Amazon Browser Bar: {ea582743-9076-4178-9aa6-7393fdf4d5ce} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MediaFire Tray] "c:\users\no lag\appdata\local\mediafire express\mf_systray.exe" --boot-start
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRun: [Windows Update Server] c:\users\no lag\34957c8d-5016.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RadioRage Search Scope Monitor] "c:\progra~1\radior~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
mRun: [RadioRage_4j Browser Plugin Loader] c:\progra~1\radior~2\bar\1.bin\4jbrmon.exe
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mExplorerRun: [Policies] c:\windows\windir\Svchost.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{38CCEE28-0C6A-434A-B1AA-47BD10C1F25F} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {078RBO32-N12S-XJ54-W1V5-75I616S1E40V} - c:\windows\windir\Svchost.exe
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\no lag\appdata\roaming\mozilla\firefox\profiles\sxtsxoso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-customfirefoxright-chromesbox-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-customfirefoxright-ab-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012&query=
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\radiorage_4j\bar\1.bin\NP4jStub.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\no lag\appdata\roaming\mozilla\firefox\profiles\sxtsxoso.default\extensions\[email protected]\plugins\npBP4FUpdater.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmmaud.dll
FF - plugin: c:\windows\system32\npmmprog.dll
FF - plugin: c:\windows\system32\npmmvid.dll
FF - plugin: c:\windows\system32\npmmzip.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
FF - user.js: extentions.y2layers.installId - ad77b954-7673-4b75-addb-6620d8dadc61
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,pagerage
.
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-15 15672]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502010.003\symds.sys [2012-5-26 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502010.003\symefa.sys [2012-5-26 744568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-12-11 239168]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-11-3 25232]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120713.001\IDSvix86.sys [2012-7-13 382624]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502010.003\ironx86.sys [2012-5-26 136312]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0502010.003\symnets.sys [2012-5-26 299640]
S2 0042421343401505mcinstcleanup;McAfee Application Installer Cleanup (0042421343401505);c:\users\nolag~1\appdata\local\temp\004242~1.exe -cleanup -nolog --> c:\users\nolag~1\appdata\local\temp\004242~1.EXE -cleanup -nolog [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-23 497496]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-26 136176]
S2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2012-6-13 66160]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2011-4-1 67400]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.1.3\ccsvchst.exe [2012-5-26 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-3-21 2348352]
S2 RadioRage_4jService;RadioRageService;c:\progra~1\radior~2\bar\1.bin\4jbarsvc.exe [2011-10-22 42504]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.sys [2011-9-30 234304]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-2 2673064]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2012-2-1 203776]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 AtiDCM;AtiDCM;c:\users\no lag\appdata\local\temp\atidcmxx.sys [2012-7-24 23312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.207\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-9-7 25088]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-9 1343400]
S3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2011-11-18 677984]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 Replication Engine;Replication Engine;c:\program files\microsoft\replication engine\ReplicationEngineWindowsService.exe [2008-8-15 18992]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-07-28 19:04:57 -------- d-----w- c:\program files\Yontoo Layers Runtime
2012-07-28 10:55:49 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{20c0e805-1bf0-45b5-a597-1e8f09dc8cd7}\mpengine.dll
2012-07-28 00:55:26 -------- d-----w- c:\users\no lag\appdata\local\Unity
2012-07-28 00:55:22 -------- d-----w- c:\program files\Unity
2012-07-26 23:14:41 -------- d-----w- c:\users\no lag\appdata\local\ElevatedDiagnostics
2012-07-26 20:01:33 -------- d-----w- c:\users\no lag\appdata\roaming\SUPERAntiSpyware.com
2012-07-26 20:01:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 20:01:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 14:39:59 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-07-26 14:39:45 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-26 14:39:07 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-07-26 14:38:53 -------- d-----w- c:\program files\Application Verifier
2012-07-26 01:13:24 81920 --sh--w- c:\users\no lag\34957c8d-5016.exe
2012-07-26 01:08:44 81920 --sh--w- c:\users\no lag\13810c08-5016.exe
2012-07-26 01:04:44 81920 --sh--w- c:\users\no lag\2242bdd0-5016.exe
2012-07-26 01:04:29 81920 --sh--w- c:\users\no lag\173d03f4-5016.exe
2012-07-25 07:47:54 -------- d-----w- c:\users\no lag\appdata\roaming\RealNetworks
2012-07-25 07:28:26 -------- d-----w- c:\programdata\RealNetworks
2012-07-25 04:47:36 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-07-25 04:41:03 -------- d-----w- C:\SWTOOLS
2012-07-24 22:05:12 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-24 22:00:48 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-24 21:31:47 -------- d-----w- c:\users\no lag\appdata\roaming\Uniblue
2012-07-24 19:37:25 -------- d-----w- c:\program files\MagicISO
2012-07-24 18:59:08 -------- d-----w- c:\users\no lag\appdata\local\uTorrent
2012-07-24 18:01:07 -------- d-----w- c:\users\no lag\appdata\roaming\PowerISO
2012-07-24 17:56:07 -------- d-----w- c:\program files\PowerISO
2012-07-24 17:25:32 -------- d-----w- c:\users\no lag\appdata\local\Lenovo
2012-07-24 17:12:21 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-24 17:12:21 -------- d-----w- c:\windows\system32\sda
2012-07-24 17:12:17 -------- d-----w- c:\program files\Realtek
2012-07-24 17:08:18 -------- d-----w- c:\program files\Lenovo
2012-07-24 17:08:14 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2012-07-24 17:08:14 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-07-24 17:08:14 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2012-07-24 17:08:14 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-07-24 17:08:14 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2012-07-24 17:08:14 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-07-24 17:08:14 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2012-07-24 17:08:14 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-07-24 17:07:41 -------- d-----w- c:\windows\system32\Hauppauge
2012-07-24 17:07:41 -------- d-----w- c:\program files\WinTV
2012-07-24 17:07:36 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2012-07-24 17:07:36 36921 ------w- c:\windows\system32\hcwutl32_priv.dll
2012-07-24 17:07:36 274488 ----a-w- c:\windows\system32\hcwpnp32.dll
2012-07-24 17:07:36 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2012-07-24 1704 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2012-07-24 1704 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2012-07-24 1701 -------- d-----w- c:\program files\Vimicro Corporation
2012-07-24 17:04:28 -------- d-----w- C:\Drivers
2012-07-24 17:03:12 -------- d-----w- C:\LENOVOTOOLS
2012-07-24 14:44:25 -------- d--h--w- C:\$WINDOWS.~BT
2012-07-23 21:45:46 -------- d-----w- c:\users\no lag\appdata\roaming\SpeedyPC Software
2012-07-23 21:45:46 -------- d-----w- c:\users\no lag\appdata\roaming\DriverCure
2012-07-23 21:45:39 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-07-23 21:45:37 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 17:42:54 -------- d-----w- C:\3bd24e8949beeb89ecf04c8c
2012-07-23 17:41:19 -------- d-----w- C:\3fded4bb7a12cd6301373f41962ee767
2012-07-23 17:40:11 -------- d-----w- C:\e8532e93756c265cb2
2012-07-22 15:22:00 -------- d-----w- c:\windows\ehome
2012-07-22 11:57:24 -------- d-----w- c:\users\no lag\appdata\roaming\Tific
2012-07-22 11:57:11 -------- d-----w- c:\users\no lag\appdata\local\Symantec
2012-07-19 09:38:52 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-12 23:11:33 -------- d-----w- c:\users\no lag\appdata\local\WMTools Downloaded Files
2012-07-10 06:31:43 -------- d--h--w- c:\program files\Temp
2012-07-10 02:31:20 -------- d-----w- c:\program files\common files\Steam
2012-07-10 02:30:56 -------- d-----w- c:\program files\Steam
2012-07-06 18:08:28 -------- d-----w- c:\users\no lag\temp
2012-07-05 18:20:05 -------- d-----w- c:\users\no lag\appdata\local\Microsoft Games
2012-07-05 01:27:29 -------- d-----w- c:\users\no lag\appdata\local\Google
2012-07-05 01:23:58 -------- d-----w- c:\programdata\WEBZEN
.
==================== Find3M ====================
.
2012-07-12 02:04:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 02:04:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 21:58:31 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-29 15:30:33 3993600 ----a-w- c:\program files\GUTD5E1.tmp
2011-09-02 19:03:28 730192 ----a-w- c:\program files\common files\ZugoInstaller.exe
2006-07-27 00:02:53 77112 --sha-r- c:\windows\windir\Svchost.exe
.
============= FINISH: 16:58:04.43 ===============
IneedYourHelp7 is offline  
Old 07-30-2012, 03:36 PM   #9
TSF Security Manager
Emeritus
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Avast is still showing as installed in the header, but services and run key are gone - those are the main concern. We'll get rid of WMI seeing Avast as installed later on.

Download ComboFix from here


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts. It will alert you that Avast is active - click OK to both prompts and let ComboFix run.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
Ried is offline  
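The check applied in posts #7 and #9 (Security Center header versus run keys versus services) can be scripted against a dds.txt. The following is an added Python example, not part of the original thread and not code from DDS; the product name ExampleAV, both sample logs and the function names are constructed for illustration.

```python
import re

# DDS line shapes relied on here (as seen in the logs in this thread):
#   AV: <product> *<state>* {GUID}          Security Center / WMI registration
#   mRun: [<name>] <command>                machine Run value (uRun = per-user)
#   BHO: ... / TB: ...                      Internet Explorer add-ons
#   R2 <key>;<display>;<path> [date size]   service or driver entry
HEADER_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")
RUN_RE = re.compile(r"^([um])Run: \[([^\]]*)\]\s*(.*)$")
ADDON_RE = re.compile(r"^(BHO|TB): (.*)$")
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")


def find_remnants(log_text, product):
    """Group every DDS line that mentions `product` by where it was found."""
    needle = product.lower()
    found = {"security_center": [], "run_keys": [],
             "services": [], "browser_addons": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if needle not in line.lower():
            continue
        m = HEADER_RE.match(line)
        if m:
            found["security_center"].append((m.group(1), m.group(2), m.group(3)))
            continue
        m = RUN_RE.match(line)
        if m:
            found["run_keys"].append((m.group(1) + "Run", m.group(2), m.group(3)))
            continue
        m = ADDON_RE.match(line)
        if m:
            found["browser_addons"].append((m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            found["services"].append((m.group(1), m.group(2), m.group(4)))
    return found


def uninstall_status(found):
    """Services and run keys are the main concern; a stale Security Center
    registration or leftover add-on alone means cleanup, not a live product."""
    if found["services"] or found["run_keys"]:
        return "active"
    if found["security_center"] or found["browser_addons"]:
        return "leftover"
    return "clean"


# Constructed sample: product reported as uninstalled, but components remain.
SAMPLE_BEFORE = r"""
AV: ExampleAV Antivirus *Enabled/Updated* {11111111-2222-3333-4444-555555555555}
SP: ExampleAV Antivirus *Enabled/Updated* {66666666-7777-8888-9999-AAAAAAAAAAAA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
BHO: ExampleAV WebShield: {12345678-1234-1234-1234-123456789abc} - c:\program files\exampleav\webshield.dll
mRun: [exampleav] "c:\program files\exampleav\exampleavUI.exe" /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
.
R1 exavdrv;ExampleAV Filter Driver;c:\windows\system32\drivers\exavdrv.sys [2012-1-1 10000]
R2 ExampleAV Service;ExampleAV Service;c:\program files\exampleav\svc.exe [2012-1-1 20000]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-26 136176]
"""

# Constructed sample: after the vendor's removal tool, only registration remains.
SAMPLE_AFTER = r"""
AV: ExampleAV Antivirus *Enabled/Updated* {11111111-2222-3333-4444-555555555555}
SP: ExampleAV Antivirus *Enabled/Updated* {66666666-7777-8888-9999-AAAAAAAAAAAA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
BHO: ExampleAV WebShield: {12345678-1234-1234-1234-123456789abc} - c:\program files\exampleav\webshield.dll
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
.
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-7-26 136176]
"""

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        result = find_remnants(text, "ExampleAV")
        print(label, uninstall_status(result),
              {k: len(v) for k, v in result.items()})
```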
Old 07-30-2012, 04:58 PM   #10
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



ComboFix 12-07-30.01 - NO lag 07/30/2012 18:34:45.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1889 [GMT -5:00]
Running from: c:\users\NO lag\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\CFLog
c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\[email protected]\chrome.manifest
c:\program files\Complitly\[email protected]\chrome\content\appIcon.png
c:\program files\Complitly\[email protected]\chrome\content\browserOverlay.xul
c:\program files\Complitly\[email protected]\chrome\content\options.js
c:\program files\Complitly\[email protected]\chrome\content\options.xul
c:\program files\Complitly\[email protected]\chrome\content\utils.js
c:\program files\Complitly\[email protected]\defaults\preferences\predictad.js
c:\program files\Complitly\[email protected]\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{BA19D5DC-37BE-4FE5-98DB-1C35CA26592A}\setup.msi
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\program files\RadioRage_4j
c:\program files\RadioRage_4j\bar\1.bin\4jauxstb.dll
c:\program files\RadioRage_4j\bar\1.bin\4jbar.dll
c:\program files\RadioRage_4j\bar\1.bin\4jbarsvc.exe
c:\program files\RadioRage_4j\bar\1.bin\4jbrmon.exe
c:\program files\RadioRage_4j\bar\1.bin\4jbrstub.dll
c:\program files\RadioRage_4j\bar\1.bin\4jdatact.dll
c:\program files\RadioRage_4j\bar\1.bin\4jdlghk.dll
c:\program files\RadioRage_4j\bar\1.bin\4jdyn.dll
c:\program files\RadioRage_4j\bar\1.bin\4jfeedmg.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhighin.exe
c:\program files\RadioRage_4j\bar\1.bin\4jhkstub.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhtml.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll
c:\program files\RadioRage_4j\bar\1.bin\4jhttpct.dll
c:\program files\RadioRage_4j\bar\1.bin\4jidle.dll
c:\program files\RadioRage_4j\bar\1.bin\4jieovr.dll
c:\program files\RadioRage_4j\bar\1.bin\4jimpipe.exe
c:\program files\RadioRage_4j\bar\1.bin\4jmedint.exe
c:\program files\RadioRage_4j\bar\1.bin\4jmlbtn.dll
c:\program files\RadioRage_4j\bar\1.bin\4jmsg.dll
c:\program files\RadioRage_4j\bar\1.bin\4jPlugin.dll
c:\program files\RadioRage_4j\bar\1.bin\4jradio.dll
c:\program files\RadioRage_4j\bar\1.bin\4jregfft.dll
c:\program files\RadioRage_4j\bar\1.bin\4jreghk.dll
c:\program files\RadioRage_4j\bar\1.bin\4jregiet.dll
c:\program files\RadioRage_4j\bar\1.bin\4jscript.dll
c:\program files\RadioRage_4j\bar\1.bin\4jskin.dll
c:\program files\RadioRage_4j\bar\1.bin\4jskplay.exe
c:\program files\RadioRage_4j\bar\1.bin\4jSrcAs.dll
c:\program files\RadioRage_4j\bar\1.bin\4jSrchMn.exe
c:\program files\RadioRage_4j\bar\1.bin\4jtpinst.dll
c:\program files\RadioRage_4j\bar\1.bin\4juabtn.dll
c:\program files\RadioRage_4j\bar\1.bin\CHROME.MANIFEST
c:\program files\RadioRage_4j\bar\1.bin\chrome\4jffxtbr.jar
c:\program files\RadioRage_4j\bar\1.bin\INSTALL.RDF
c:\program files\RadioRage_4j\bar\1.bin\LOGO.BMP
c:\program files\RadioRage_4j\bar\1.bin\NP4jStub.dll
c:\program files\RadioRage_4j\bar\1.bin\T8RES.DLL
c:\program files\RadioRage_4j\bar\Cache\00587936.bmp
c:\program files\RadioRage_4j\bar\Cache\0A27E9D6
c:\program files\RadioRage_4j\bar\Cache\0A282B49
c:\program files\RadioRage_4j\bar\Cache\0A282FFA.bmp
c:\program files\RadioRage_4j\bar\Cache\0A28404F.bmp
c:\program files\RadioRage_4j\bar\Cache\0A284493.bmp
c:\program files\RadioRage_4j\bar\Cache\0A284703.bmp
c:\program files\RadioRage_4j\bar\Cache\0A284C9E.bmp
c:\program files\RadioRage_4j\bar\Cache\0A284FAA.bmp
c:\program files\RadioRage_4j\bar\Cache\0A285304.bmp
c:\program files\RadioRage_4j\bar\Cache\0A285861.bmp
c:\program files\RadioRage_4j\bar\Cache\0A2865C9.jhtml
c:\program files\RadioRage_4j\bar\Cache\0A289A9E.bmp
c:\program files\RadioRage_4j\bar\Cache\0C3D7BC4
c:\program files\RadioRage_4j\bar\Cache\0C59119D
c:\program files\RadioRage_4j\bar\Cache\0C74A776
c:\program files\RadioRage_4j\bar\Cache\files.ini
c:\program files\RadioRage_4j\bar\History\search3
c:\program files\RadioRage_4j\bar\IE9Mesg\COMMON.T8S
c:\program files\RadioRage_4j\bar\Message\COMMON.T8S
c:\program files\RadioRage_4j\bar\Message\COMMON\8_step1.gif
c:\program files\RadioRage_4j\bar\Message\COMMON\index.htm
c:\program files\RadioRage_4j\bar\Message\COMMON\rebut4b.htm
c:\program files\RadioRage_4j\bar\Message\COMMON\shield.png
c:\program files\RadioRage_4j\bar\Settings\prevcfg2.htm
c:\program files\RadioRage_4j\bar\Settings\s_pid.dat
c:\program files\RadioRage_4j\bar\Settings\s_w1.dat
c:\program files\RadioRage_4j\bar\Settings\s_w1.dat.bak
c:\program files\RadioRage_4j\bar\Settings\s_w2.dat
c:\program files\RadioRage_4j\bar\Settings\s_w2.dat.bak
c:\program files\RadioRage_4j\bar\Settings\setting3.htm
c:\program files\RadioRage_4j\bar\Settings\setting3.htm.bak
c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties100028549.html
c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties100028552.html
c:\program files\RadioRage_4j\RadioRage_4j\Cache\PopupProperties100064980.html
c:\program files\RadioRage_4j\RadioRage_4j\Cache\Radio.html
c:\users\albert\AppData\Roaming\facemoods.com
c:\users\albert\AppData\Roaming\facemoods.com\facemoods\us\20101003\kywrds.tat
c:\users\albert\AppData\Roaming\facemoods.com\facemoods\us\20101003\kywrds.ttr
c:\users\NO lag\13810c08-5016.exe
c:\users\NO lag\173d03f4-5016.exe
c:\users\NO lag\2242bdd0-5016.exe
c:\users\NO lag\34957c8d-5016.exe
c:\users\Public\AlexaNSISPlugin.796.dll
c:\windows\Dir
c:\windows\system32\WinDir
c:\windows\windir
c:\windows\windir\Svchost.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 23:42 . 2012-07-30 23:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 23:42 . 2012-07-30 23:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-30 23:42 . 2012-07-30 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 23:42 . 2012-07-30 23:42 -------- d-----w- c:\users\albert\AppData\Local\temp
2012-07-30 23:39 . 2012-07-30 23:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20C0E805-1BF0-45B5-A597-1E8F09DC8CD7}\offreg.dll
2012-07-28 19:04 . 2012-07-28 19:04 -------- d-----w- c:\program files\Yontoo Layers Runtime
2012-07-28 10:55 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20C0E805-1BF0-45B5-A597-1E8F09DC8CD7}\mpengine.dll
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\users\NO lag\AppData\Local\Unity
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\program files\Unity
2012-07-26 23:14 . 2012-07-26 23:14 -------- d-----w- c:\users\NO lag\AppData\Local\ElevatedDiagnostics
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\Google
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\program files\Application Verifier
2012-07-25 07:48 . 2012-07-25 07:48 -------- d-----w- c:\users\free nx.ayeley-PC
2012-07-25 07:47 . 2012-07-25 07:47 -------- d-----w- c:\users\NO lag\AppData\Roaming\RealNetworks
2012-07-25 07:28 . 2012-07-25 07:28 -------- d-----w- c:\programdata\RealNetworks
2012-07-25 04:47 . 2012-07-25 04:47 -------- d-----w- c:\windows\LastGood
2012-07-25 04:47 . 2012-07-25 04:47 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-07-25 04:41 . 2012-07-25 04:41 -------- d-----w- C:\SWTOOLS
2012-07-24 22:00 . 2012-07-24 22:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-24 21:31 . 2012-07-25 05:55 -------- d-----w- c:\users\NO lag\AppData\Roaming\Uniblue
2012-07-24 19:37 . 2012-07-24 19:37 -------- d-----w- c:\program files\MagicISO
2012-07-24 18:59 . 2012-07-24 18:59 -------- d-----w- c:\users\NO lag\AppData\Local\uTorrent
2012-07-24 18:01 . 2012-07-24 18:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\PowerISO
2012-07-24 17:56 . 2012-07-24 17:56 -------- d-----w- c:\program files\PowerISO
2012-07-24 17:25 . 2012-07-24 17:25 -------- d-----w- c:\users\NO lag\AppData\Local\Lenovo
2012-07-24 17:12 . 2012-07-24 17:12 -------- d-----w- c:\windows\system32\sda
2012-07-24 17:12 . 2009-02-02 23:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-24 17:12 . 2012-07-24 17:36 -------- d-----w- c:\program files\Realtek
2012-07-24 17:08 . 2012-07-24 17:36 -------- d-----w- c:\program files\Lenovo
2012-07-24 17:08 . 2012-07-24 17:08 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\program files\WinTV
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\windows\system32\Hauppauge
2012-07-24 17:07 . 2008-02-08 20:07 274488 ----a-w- c:\windows\system32\hcwpnp32.dll
2012-07-24 17:07 . 2008-02-08 19:59 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ------w- c:\windows\system32\hcwutl32_priv.dll
2012-07-24 17:06 . 2007-04-16 20:12 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2012-07-24 17:06 . 2007-04-13 03:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2012-07-24 17:06 . 2012-07-24 17:06 -------- d-----w- c:\program files\Vimicro Corporation
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\users\NO lag\AppData\Roaming\InstallShield
2012-07-24 17:04 . 2012-07-24 17:18 -------- d-----w- C:\Drivers
2012-07-24 17:03 . 2012-07-24 17:03 -------- d-----w- C:\LENOVOTOOLS
2012-07-24 14:44 . 2012-07-24 14:44 -------- d-----w- C:\$WINDOWS.~BT
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\DriverCure
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- C:\3bd24e8949beeb89ecf04c8c
2012-07-23 17:41 . 2012-07-23 17:41 -------- d-----w- C:\3fded4bb7a12cd6301373f41962ee767
2012-07-23 17:40 . 2012-07-23 17:40 -------- d-----w- C:\e8532e93756c265cb2
2012-07-22 15:22 . 2012-07-26 19:12 -------- d-----w- c:\windows\ehome
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Roaming\Tific
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Local\Symantec
2012-07-19 09:38 . 2012-07-19 09:38 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-12 23:11 . 2012-07-12 23:11 -------- d-----w- c:\users\NO lag\AppData\Local\WMTools Downloaded Files
2012-07-10 22:16 . 2012-07-10 22:16 -------- d-----w- c:\users\NO lag\AppData\Roaming\SystemRequirementsLab
2012-07-10 06:31 . 2012-07-24 17:13 -------- d--h--w- c:\program files\Temp
2012-07-10 02:31 . 2012-07-10 03:16 -------- d-----w- c:\program files\Common Files\Steam
2012-07-10 02:30 . 2012-07-29 19:59 -------- d-----w- c:\program files\Steam
2012-07-06 18:08 . 2012-07-06 18:08 -------- d-----w- c:\users\NO lag\temp
2012-07-05 18:20 . 2012-07-10 02:08 -------- d-----w- c:\users\NO lag\AppData\Local\Microsoft Games
2012-07-05 01:27 . 2012-07-05 20:49 -------- d-----w- c:\users\NO lag\AppData\Local\Google
2012-07-05 01:23 . 2012-07-25 05:53 -------- d-----w- c:\programdata\WEBZEN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:04 . 2012-03-31 13:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:04 . 2011-09-07 20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 21:58 . 2012-05-19 14:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-29 15:30 . 2012-03-29 15:29 3993600 ----a-w- c:\program files\GUTD5E1.tmp
2011-09-02 19:03 . 2011-11-16 21:23 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-06-23 13:45 . 2012-02-14 00:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 20:08 . 2011-12-05 01:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MediaFire Tray"="c:\users\NO lag\AppData\Local\MediaFire Express\mf_systray.exe" [2012-06-15 2172488]
"Steam"="c:\program files\Steam\Steam.exe" [2012-07-10 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-03-04 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-07-19 336992]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2008-06-18 78024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120713.001\IDSvix86.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [x]
R2 0042421343401505mcinstcleanup;McAfee Application Installer Cleanup (0042421343401505);c:\users\NOLAG~1\AppData\Local\Temp\004242~1.EXE [x]
R2 5016;5016;c:\users\NOLAG~1\AppData\Local\Temp\5016.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [x]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 RadioRage_4jService;RadioRageService;c:\progra~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [x]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [x]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AtiDCM;AtiDCM;c:\users\NO lag\AppData\Local\Temp\atidcmxx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 EagleXNt;EagleXNt;c:\users\NO lag\AppData\Local\Temp\EagleXNt.sys [x]
R3 KeDetective131;KeDetective131; [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 vtany;vtany; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva391;XDva391; [x]
R3 xhunter1;xhunter1; [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 Replication Engine;Replication Engine;c:\program files\Microsoft\Replication Engine\ReplicationEngineWindowsService.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GIDv2;GIDv2; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:04]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\NO lag\AppData\Roaming\Mozilla\Firefox\Profiles\sxtsxoso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-customfirefoxright-chromesbox-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-customfirefoxright-ab-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012&query=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extentions.y2layers.installId - ad77b954-7673-4b75-addb-6620d8dadc61
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,pagerage
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{3c35ad63-af1d-4e21-b484-b6651a8efcf9} - c:\program files\RadioRage_4j\bar\1.bin\4jSrcAs.dll
BHO-{008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-10 - (no file)
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKCU-Run-Windows Update Server - c:\users\NO lag\34957c8d-5016.exe
HKLM-Run-RadioRage Search Scope Monitor - c:\progra~1\RADIOR~2\bar\1.bin\4jsrchmn.exe
HKLM-Run-RadioRage_4j Browser Plugin Loader - c:\progra~1\RADIOR~2\bar\1.bin\4jbrmon.exe
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
MSConfigStartUp-Google Update - c:\users\bryan\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-HKLM - c:\windows\windir\svchost.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-Fraps - c:\fraps\fraps 7\Fraps\uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1 - c:\program files\Uniblue\SpeedUpMyPC\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b6,e7,ea,21,39,e9,cc,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2012-07-30 18:53:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 23:53
.
Pre-Run: 201,550,065,664 bytes free
Post-Run: 217,459,466,240 bytes free
.
- - End Of File - - 3B58C08FE9C1DCC57083B3279FE11678
IneedYourHelp7 is offline  
Old 07-30-2012, 05:07 PM   #11
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Open notepad and copy/paste the text in the code box below into it:

Quote:
Folder::
c:\program files\Yontoo Layers Runtime
SecCenter::
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
Reboot::

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe


It will reboot the machine - allow it to boot into Normal Mode and see if Windows will load for you.

Post the C:\ComboFix.txt in your next reply.
Ried is offline  
Old 07-30-2012, 06:53 PM   #12
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



I stopped getting BSOD! Is the problem fixed? If it is, thank you very much, you and all of techsupportforum, thanks for the support.
ComboFix 12-07-30.01 - NO lag 07/30/2012 19:34:11.2.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2394 [GMT -5:00]
Running from: c:\users\NO lag\Downloads\ComboFix.exe
Command switches used :: c:\users\NO lag\Downloads\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Yontoo Layers Runtime
c:\program files\Yontoo Layers Runtime\OptChrome.exe
c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
c:\program files\Yontoo Layers Runtime\YontooLayers.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 00:43 . 2012-07-31 00:43 -------- d-----w- c:\users\NO lag\AppData\Local\VirtualStore
2012-07-31 00:42 . 2012-07-31 00:46 -------- d-----w- c:\users\NO lag\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\free nx\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\chelsea\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\ayeley\AppData\Local\temp
2012-07-31 00:42 . 2012-07-31 00:42 -------- d-----w- c:\users\albert\AppData\Local\temp
2012-07-30 23:39 . 2012-07-30 23:39 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20C0E805-1BF0-45B5-A597-1E8F09DC8CD7}\offreg.dll
2012-07-28 10:55 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{20C0E805-1BF0-45B5-A597-1E8F09DC8CD7}\mpengine.dll
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\users\NO lag\AppData\Local\Unity
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\program files\Unity
2012-07-26 23:14 . 2012-07-26 23:14 -------- d-----w- c:\users\NO lag\AppData\Local\ElevatedDiagnostics
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\Google
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\program files\Application Verifier
2012-07-25 07:48 . 2012-07-25 07:48 -------- d-----w- c:\users\free nx.ayeley-PC
2012-07-25 07:47 . 2012-07-25 07:47 -------- d-----w- c:\users\NO lag\AppData\Roaming\RealNetworks
2012-07-25 07:28 . 2012-07-25 07:28 -------- d-----w- c:\programdata\RealNetworks
2012-07-25 04:47 . 2012-07-25 04:47 -------- d-----w- c:\windows\LastGood
2012-07-25 04:47 . 2012-07-25 04:47 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-07-25 04:41 . 2012-07-25 04:41 -------- d-----w- C:\SWTOOLS
2012-07-24 22:00 . 2012-07-24 22:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-24 21:31 . 2012-07-25 05:55 -------- d-----w- c:\users\NO lag\AppData\Roaming\Uniblue
2012-07-24 19:37 . 2012-07-24 19:37 -------- d-----w- c:\program files\MagicISO
2012-07-24 18:59 . 2012-07-24 18:59 -------- d-----w- c:\users\NO lag\AppData\Local\uTorrent
2012-07-24 18:01 . 2012-07-24 18:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\PowerISO
2012-07-24 17:56 . 2012-07-24 17:56 -------- d-----w- c:\program files\PowerISO
2012-07-24 17:25 . 2012-07-24 17:25 -------- d-----w- c:\users\NO lag\AppData\Local\Lenovo
2012-07-24 17:12 . 2012-07-24 17:12 -------- d-----w- c:\windows\system32\sda
2012-07-24 17:12 . 2009-02-02 23:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-24 17:12 . 2012-07-24 17:36 -------- d-----w- c:\program files\Realtek
2012-07-24 17:08 . 2012-07-24 17:36 -------- d-----w- c:\program files\Lenovo
2012-07-24 17:08 . 2012-07-24 17:08 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\program files\WinTV
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\windows\system32\Hauppauge
2012-07-24 17:07 . 2008-02-08 20:07 274488 ----a-w- c:\windows\system32\hcwpnp32.dll
2012-07-24 17:07 . 2008-02-08 19:59 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ------w- c:\windows\system32\hcwutl32_priv.dll
2012-07-24 17:06 . 2007-04-16 20:12 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2012-07-24 17:06 . 2007-04-13 03:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2012-07-24 17:06 . 2012-07-24 17:06 -------- d-----w- c:\program files\Vimicro Corporation
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\users\NO lag\AppData\Roaming\InstallShield
2012-07-24 17:04 . 2012-07-24 17:18 -------- d-----w- C:\Drivers
2012-07-24 17:03 . 2012-07-24 17:03 -------- d-----w- C:\LENOVOTOOLS
2012-07-24 14:44 . 2012-07-24 14:44 -------- d-----w- C:\$WINDOWS.~BT
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\DriverCure
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- C:\3bd24e8949beeb89ecf04c8c
2012-07-23 17:41 . 2012-07-23 17:41 -------- d-----w- C:\3fded4bb7a12cd6301373f41962ee767
2012-07-23 17:40 . 2012-07-23 17:40 -------- d-----w- C:\e8532e93756c265cb2
2012-07-22 15:22 . 2012-07-26 19:12 -------- d-----w- c:\windows\ehome
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Roaming\Tific
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Local\Symantec
2012-07-19 09:38 . 2012-07-19 09:38 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-12 23:11 . 2012-07-12 23:11 -------- d-----w- c:\users\NO lag\AppData\Local\WMTools Downloaded Files
2012-07-10 22:16 . 2012-07-10 22:16 -------- d-----w- c:\users\NO lag\AppData\Roaming\SystemRequirementsLab
2012-07-10 06:31 . 2012-07-24 17:13 -------- d--h--w- c:\program files\Temp
2012-07-10 02:31 . 2012-07-10 03:16 -------- d-----w- c:\program files\Common Files\Steam
2012-07-10 02:30 . 2012-07-31 00:45 -------- d-----w- c:\program files\Steam
2012-07-06 18:08 . 2012-07-06 18:08 -------- d-----w- c:\users\NO lag\temp
2012-07-05 23:45 . 2012-07-05 23:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 18:20 . 2012-07-10 02:08 -------- d-----w- c:\users\NO lag\AppData\Local\Microsoft Games
2012-07-05 01:27 . 2012-07-05 20:49 -------- d-----w- c:\users\NO lag\AppData\Local\Google
2012-07-05 01:23 . 2012-07-25 05:53 -------- d-----w- c:\programdata\WEBZEN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 02:04 . 2012-03-31 13:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 02:04 . 2011-09-07 20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-19 21:58 . 2012-05-19 14:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-29 15:30 . 2012-03-29 15:29 3993600 ----a-w- c:\program files\GUTD5E1.tmp
2011-09-02 19:03 . 2011-11-16 21:23 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-06-23 13:45 . 2012-02-14 00:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 20:08 . 2011-12-05 01:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MediaFire Tray"="c:\users\NO lag\AppData\Local\MediaFire Express\mf_systray.exe" [2012-06-15 2172488]
"Steam"="c:\program files\Steam\Steam.exe" [2012-07-10 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-03-04 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-07-19 336992]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2008-06-18 78024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-6-13 6534768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0042421343401505mcinstcleanup;McAfee Application Installer Cleanup (0042421343401505);c:\users\NOLAG~1\AppData\Local\Temp\004242~1.EXE [x]
R2 5016;5016;c:\users\NOLAG~1\AppData\Local\Temp\5016.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 RadioRage_4jService;RadioRageService;c:\progra~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AtiDCM;AtiDCM;c:\users\NO lag\AppData\Local\Temp\atidcmxx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 EagleXNt;EagleXNt;c:\users\NO lag\AppData\Local\Temp\EagleXNt.sys [x]
R3 KeDetective131;KeDetective131; [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 vtany;vtany; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva391;XDva391; [x]
R3 xhunter1;xhunter1; [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 Replication Engine;Replication Engine;c:\program files\Microsoft\Replication Engine\ReplicationEngineWindowsService.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GIDv2;GIDv2; [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120713.001\IDSvix86.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [x]
S2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:04]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\NO lag\AppData\Roaming\Mozilla\Firefox\Profiles\sxtsxoso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-customfirefoxright-chromesbox-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-customfirefoxright-ab-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012&query=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extentions.y2layers.installId - ad77b954-7673-4b75-addb-6620d8dadc61
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,pagerage
FF - user.js: security.csp.enable - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b6,e7,ea,21,39,e9,cc,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(696)
c:\windows\system32\GIDHook.dll
c:\windows\system32\GIDBIN1.dll
c:\windows\system32\EasyHook32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\conhost.exe
c:\windows\system32\msiexec.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-30 19:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 00:51
ComboFix2.txt 2012-07-30 23:53
.
Pre-Run: 217,798,377,472 bytes free
Post-Run: 217,827,741,696 bytes free
.
- - End Of File - - 67C4A046845F017687B853326C656649
IneedYourHelp7 is offline  
Old 07-30-2012, 06:56 PM   #13
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit





I would say it's fixed most of the way. You need to do a repair install of Norton. It's not running properly.

It's also important to run an online scan to search for any remnants that may be lurking. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Ried is offline  
Old 08-02-2012, 09:41 AM   #14
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



Hey, it's scanning. Today I just got another BSOD starting Windows normally; I didn't get to read it because it was too quick to read. It looked the same as before. Do I repeat the same steps to fix it if it is?
IneedYourHelp7 is offline  
Old 08-02-2012, 11:59 AM   #15
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



C:\Program Files\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application
C:\Program Files\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe Win32/Somoto application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtml.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jieovr.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jPlugin.dll.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\RadioRage_4j\bar\1.bin\4jskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\Yontoo Layers Runtime\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Users\NO lag\13810c08-5016.exe.vir a variant of Win32/Kryptik.AIYY trojan
C:\Qoobox\Quarantine\C\Users\NO lag\173d03f4-5016.exe.vir a variant of Win32/Kryptik.AIYY trojan
C:\Qoobox\Quarantine\C\Users\NO lag\2242bdd0-5016.exe.vir a variant of Win32/Kryptik.AIYY trojan
C:\Qoobox\Quarantine\C\Users\NO lag\34957c8d-5016.exe.vir a variant of Win32/Kryptik.AIYY trojan
C:\Users\albert\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe Win32/Somoto application
C:\Users\albert\Desktop\Mw3 Modding Tools\Keygen.exe a variant of Win32/Keygen.AR application
C:\Users\albert\Downloads\modern warfare 3 gpd editor.exe probably a variant of MSIL/PSW.Agent.NEZ trojan
C:\Users\albert\Downloads\SoftonicDownloader_for_xpadder (1).exe Win32/SoftonicDownloader.D application
C:\Users\albert\Downloads\SoftonicDownloader_for_xpadder.exe Win32/SoftonicDownloader.D application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\F9A8E141\CD47D6EC\SetupDataMngr_iMesh.exe Win32/Toolbar.SearchSuite application
C:\Users\NO lag\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5caf746d-682a56c7 a variant of Win32/Injector.UNP trojan
IneedYourHelp7 is offline  
Old 08-03-2012, 05:21 AM   #16
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Open notepad and copy/paste the text in the code box below into it:

Quote:
File::
C:\Program Files\Common Files\ZugoInstaller.exe
C:\Program Files\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe
Folder::
C:\ProgramData\Tarma Installer
C:\ProgramData\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
C:\Users\All Users\Tarma Installer
C:\Users\All Users\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}

Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe


When finished, post the C:\Combofix.txt

If you get another bsod, run dds.scr and post the 2nd log it creates - the one entitled Attach.txt
Ried is offline  
Old 08-03-2012, 09:45 PM   #17
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



Quote:
Originally Posted by Ried View Post
Open notepad and copy/paste the text in the code box below into it:



Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe


When finished, post the C:\Combofix.txt

If you get another bsod, run dds.scr and post the 2nd log it creates - the one entitled Attach.txt



I found out I got the BSOD from trying to run the 30-day free trial of Adobe After Effects CS4, and I get a BSOD every time I try to open it and run the free trial, so do I uninstall it, and do I need to do the ComboFix since it's only my Adobe After Effects that's getting me the BSOD? My Norton Security Suite isn't working; every time I open it I don't see any settings, I just get a small box from it. It comes with my internet, TV, and phone service from Comcast/Xfinity. Do I reinstall it?
IneedYourHelp7 is offline  
Old 08-03-2012, 10:18 PM   #18
TSF Security Manager
Emeritus
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Yes, still run the CFScript I gave you and post the log.

Quote:
My Norton Security Suite isn't working; every time I open it I don't see any settings, I just get a small box from it. It comes with my internet, TV, and phone service from Comcast/Xfinity. Do I reinstall it?
Yes, I believe I mentioned that earlier.

Quote:
Originally Posted by Ried
I would say it's fixed most of the way. You need to do a repair install of Norton. It's not running properly.
Ried is offline  
Old 08-05-2012, 09:00 PM   #19
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



ComboFix 12-08-05.02 - NO lag 08/05/2012 22:44:45.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2196 [GMT -5:00]
Running from: c:\users\NO lag\Downloads\ComboFix.exe
Command switches used :: c:\users\NO lag\Desktop\techsupport\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files\Common Files\ZugoInstaller.exe"
"c:\program files\Windows Movie Maker\toolbar\solidyoutube-hybrid.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\15BB407A\330D798\ImageUploader5.ocx
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\1E190BD6\D48124DA\CDRip.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\20836516\330D798\Player.swf
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\2E3847F1\CD47D6EC\license.txt
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\30A9F530\D48124DA\lic_helper.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\3211319B\D48124DA\GIFAnimator.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\330097AF\D48124DA\lame_enc.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\DefArtwork.jpg
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\DefFemale.gif
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\DefMale.gif
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\FriendshipNotif.jpg
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\SendPlaylist.jpg
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\TAFLogo.PNG
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\377FF9D1\17CCB08F\ToGoLogo.PNG
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\37FD4E2F\D48124DA\UpdateInst.exe
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\390BD02D\361BAE4D\Settings.xml
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\3E441ED\D48124DA\IMTrProgress.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\421AA19E\7AFFCC20\Default.skn
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\43A9AD78\87D413FA\ResourcesLoc.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\44CB064F\330D798\Copy_Folder.bat
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\46674F6\3FE5EA20\MP4Splitter.ax
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\48ED1525\330D798\Creatives.xml
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\493B558B\D48124DA\ammp3.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\4EBA599C\D48124DA\DiscoveryHelper.dll
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\51EF7DC1\CD47D6EC\Recommendation_Offline.html
c:\programdata\{BD8912D9-3040-46C4-B96A-4C3AC7E43486}\BRAND_FILES\557D0157\D48124DA\avcodec-51.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\free nx\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\chelsea\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\ayeley\AppData\Local\temp
2012-08-06 03:55 . 2012-08-06 03:55 -------- d-----w- c:\users\albert\AppData\Local\temp
2012-08-06 03:35 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B73CF3D5-4AE7-4FFD-8D3A-153178AA6D0D}\mpengine.dll
2012-08-06 03:27 . 2012-08-06 03:28 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-06 03:27 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-06 03:25 . 2012-08-06 03:25 -------- d-----w- C:\fa8317495c9bef364f5093
2012-08-05 20:13 . 2012-08-05 20:13 -------- d-----w- c:\users\NO lag\AppData\Roaming\Sony Creative Software Inc
2012-08-05 18:05 . 2012-08-05 18:05 -------- d-----w- c:\users\NO lag\AppData\Local\Apple Computer
2012-08-05 17:37 . 2012-08-05 17:37 -------- d-----w- c:\users\NO lag\AppData\Roaming\Apple Computer
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2012-08-05 17:31 . 2012-08-05 17:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2012-08-05 17:30 . 2012-08-05 17:31 -------- d-----w- c:\program files\QuickTime
2012-08-05 04:04 . 2012-07-16 07:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54548AD3-1C88-4FCA-A485-655BF05F1872}\mpengine.dll
2012-08-02 16:24 . 2012-08-02 16:24 -------- d-----w- c:\program files\ESET
2012-08-02 05:09 . 2012-08-02 18:28 -------- d-----w- c:\programdata\FLEXnet
2012-08-02 05:04 . 2012-08-02 05:04 -------- d-----w- c:\program files\Adobe Media Player
2012-08-02 04:59 . 2012-08-02 04:59 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-08-02 04:44 . 2008-08-06 21:22 114688 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
2012-08-02 02:38 . 2012-08-02 02:38 -------- d-----w- c:\program files\uTorrent
2012-08-02 02:17 . 2012-08-02 02:17 -------- d-----w- c:\users\NO lag\AppData\Roaming\BANDISOFT
2012-08-01 07:25 . 2012-08-01 07:25 -------- d-----w- c:\users\NO lag\AppData\Local\Dxtory Software
2012-08-01 07:25 . 2011-05-24 04:23 3166720 ----a-w- c:\windows\system32\DxtoryCodec.dll
2012-08-01 07:25 . 2012-08-01 07:25 -------- d-----w- c:\program files\Dxtory Software
2012-07-31 18:18 . 2012-07-31 18:21 -------- d-----w- c:\program files\Zenote
2012-07-31 16:59 . 2012-08-05 18:23 -------- d-----w- C:\Fraps
2012-07-31 02:20 . 2012-05-15 10:26 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-07-31 02:20 . 2012-05-15 10:26 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-07-31 02:20 . 2012-05-15 10:26 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-07-31 02:20 . 2012-05-15 10:26 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-07-31 02:20 . 2012-05-15 10:26 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-07-31 02:20 . 2012-05-15 10:26 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-07-31 02:20 . 2012-05-15 10:26 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-07-31 02:20 . 2012-05-15 10:26 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-07-31 00:43 . 2012-07-31 00:59 -------- d-----w- c:\users\NO lag\AppData\Local\VirtualStore
2012-07-31 00:42 . 2012-08-06 03:55 -------- d-----w- c:\users\NO lag\AppData\Local\temp
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\users\NO lag\AppData\Local\Unity
2012-07-28 00:55 . 2012-07-28 00:55 -------- d-----w- c:\program files\Unity
2012-07-26 23:14 . 2012-07-26 23:14 -------- d-----w- c:\users\NO lag\AppData\Local\ElevatedDiagnostics
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\Google
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 20:01 . 2012-07-26 20:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Windows Performance Toolkit
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-07-26 14:39 . 2012-07-26 14:39 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
2012-07-26 14:38 . 2012-07-26 14:38 -------- d-----w- c:\program files\Application Verifier
2012-07-25 07:48 . 2012-07-25 07:48 -------- d-----w- c:\users\free nx.ayeley-PC
2012-07-25 07:47 . 2012-07-25 07:47 -------- d-----w- c:\users\NO lag\AppData\Roaming\RealNetworks
2012-07-25 07:28 . 2012-07-25 07:28 -------- d-----w- c:\programdata\RealNetworks
2012-07-25 04:47 . 2012-07-25 04:47 30144 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-07-25 04:41 . 2012-07-25 04:41 -------- d-----w- C:\SWTOOLS
2012-07-24 22:00 . 2012-07-31 18:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-24 21:31 . 2012-07-25 05:55 -------- d-----w- c:\users\NO lag\AppData\Roaming\Uniblue
2012-07-24 19:37 . 2012-07-24 19:37 -------- d-----w- c:\program files\MagicISO
2012-07-24 18:59 . 2012-07-24 18:59 -------- d-----w- c:\users\NO lag\AppData\Local\uTorrent
2012-07-24 18:01 . 2012-07-24 18:01 -------- d-----w- c:\users\NO lag\AppData\Roaming\PowerISO
2012-07-24 17:56 . 2012-07-24 17:56 -------- d-----w- c:\program files\PowerISO
2012-07-24 17:25 . 2012-07-24 17:25 -------- d-----w- c:\users\NO lag\AppData\Local\Lenovo
2012-07-24 17:12 . 2012-07-24 17:12 -------- d-----w- c:\windows\system32\sda
2012-07-24 17:12 . 2009-02-02 23:27 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-24 17:12 . 2012-07-24 17:36 -------- d-----w- c:\program files\Realtek
2012-07-24 17:08 . 2012-07-24 17:36 -------- d-----w- c:\program files\Lenovo
2012-07-24 17:08 . 2012-07-24 17:08 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\program files\WinTV
2012-07-24 17:07 . 2012-07-24 17:07 -------- d-----w- c:\windows\system32\Hauppauge
2012-07-24 17:07 . 2008-02-08 20:07 274488 ----a-w- c:\windows\system32\hcwpnp32.dll
2012-07-24 17:07 . 2008-02-08 19:59 106552 ----a-w- c:\windows\system32\hcwi2c32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ----a-w- c:\windows\system32\hcwutl32.dll
2012-07-24 17:07 . 2006-10-10 22:47 36921 ------w- c:\windows\system32\hcwutl32_priv.dll
2012-07-24 17:06 . 2007-04-16 20:12 98304 ----a-w- c:\windows\system32\VMCtrl.ax
2012-07-24 17:06 . 2007-04-13 03:59 73728 ----a-w- c:\windows\system32\exvmuvc.ax
2012-07-24 17:06 . 2012-07-24 17:06 -------- d-----w- c:\program files\Vimicro Corporation
2012-07-24 17:05 . 2012-07-24 17:05 -------- d-----w- c:\users\NO lag\AppData\Roaming\InstallShield
2012-07-24 17:04 . 2012-07-24 17:18 -------- d-----w- C:\Drivers
2012-07-24 17:03 . 2012-07-24 17:03 -------- d-----w- C:\LENOVOTOOLS
2012-07-24 14:44 . 2012-07-24 14:44 -------- d-----w- C:\$WINDOWS.~BT
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\users\NO lag\AppData\Roaming\DriverCure
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-23 21:45 . 2012-07-23 21:45 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-23 17:42 . 2012-07-23 17:42 -------- d-----w- C:\3bd24e8949beeb89ecf04c8c
2012-07-23 17:41 . 2012-07-23 17:41 -------- d-----w- C:\3fded4bb7a12cd6301373f41962ee767
2012-07-23 17:40 . 2012-07-23 17:40 -------- d-----w- C:\e8532e93756c265cb2
2012-07-22 15:22 . 2012-07-26 19:12 -------- d-----w- c:\windows\ehome
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Roaming\Tific
2012-07-22 11:57 . 2012-07-22 11:57 -------- d-----w- c:\users\NO lag\AppData\Local\Symantec
2012-07-19 09:38 . 2012-07-19 09:38 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-07-12 23:11 . 2012-07-12 23:11 -------- d-----w- c:\users\NO lag\AppData\Local\WMTools Downloaded Files
2012-07-10 22:16 . 2012-07-10 22:16 -------- d-----w- c:\users\NO lag\AppData\Roaming\SystemRequirementsLab
2012-07-10 06:31 . 2012-07-24 17:13 -------- d--h--w- c:\program files\Temp
2012-07-10 02:31 . 2012-08-02 05:51 -------- d-----w- c:\program files\Common Files\Steam
2012-07-10 02:30 . 2012-08-05 23:36 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:04 . 2012-03-31 13:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 07:04 . 2011-09-07 20:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 17:25 . 2011-09-07 21:11 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 06:17 . 2012-05-30 06:17 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-05-19 21:58 . 2012-05-19 14:46 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-05-15 10:26 . 2012-03-22 03:26 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2009-09-27 20:12 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2009-09-27 20:12 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2009-09-27 20:12 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 09:28 . 2009-09-27 22:47 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2009-09-27 22:47 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2009-09-27 22:47 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2009-09-27 22:46 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2009-09-27 22:47 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-03-29 15:30 . 2012-03-29 15:29 3993600 ----a-w- c:\program files\GUTD5E1.tmp
2011-09-02 19:03 . 2011-11-16 21:23 730192 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
2012-06-23 13:45 . 2012-02-14 00:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 20:08 . 2011-12-05 01:55 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MediaFire Tray"="c:\users\NO lag\AppData\Local\MediaFire Express\mf_systray.exe" [2012-06-15 2172488]
"Steam"="c:\program files\Steam\Steam.exe" [2012-08-04 1353080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-06-23 1021840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-03-04 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-07-19 336992]
"Lenovokey"="c:\program files\Lenovo\file32\hotkey.exe" [2008-06-18 78024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-7-18 6536304]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120713.001\IDSvix86.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\Ironx86.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0502010.003\SYMNETS.SYS [x]
R2 0042421343401505mcinstcleanup;McAfee Application Installer Cleanup (0042421343401505);c:\users\NOLAG~1\AppData\Local\Temp\004242~1.EXE [x]
R2 5016;5016;c:\users\NOLAG~1\AppData\Local\Temp\5016.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [x]
R2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [x]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 RadioRage_4jService;RadioRageService;c:\progra~1\RADIOR~2\bar\1.bin\4jbarsvc.exe [x]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\DRIVERS\SCRCAMHRDRV.sys [x]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\Amazon Browser Bar\ToolbarUpdaterService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AtiDCM;AtiDCM;c:\users\NO lag\AppData\Local\Temp\atidcmxx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 KeDetective131;KeDetective131; [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 vtany;vtany; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva391;XDva391; [x]
R3 xhunter1;xhunter1; [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R3 xspirit;xspirit; [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 Replication Engine;Replication Engine;c:\program files\Microsoft\Replication Engine\ReplicationEngineWindowsService.exe [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\SYMEFA.SYS [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 GIDv2;GIDv2; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:04]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 20:01]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 20:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\NO lag\AppData\Roaming\Mozilla\Firefox\Profiles\sxtsxoso.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-customfirefoxright-chromesbox-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=hyplogusaolp00000003
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&invocationType=tb50-ff-customfirefoxright-ab-en-us&tb_uuid=20120605032330837&tb_oid=05-06-2012&tb_mrud=05-06-2012&query=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extentions.y2layers.installId - ad77b954-7673-4b75-addb-6620d8dadc61
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,buzzdock,pagerage
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Bandicam - c:\program files\Bandicam\uninstall.exe
AddRemove-BandiMPEG1 - c:\program files\BandiMPEG1\uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b6,e7,ea,21,39,e9,cc,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 22:57:21
ComboFix-quarantined-files.txt 2012-08-06 03:57
ComboFix2.txt 2012-07-31 00:51
ComboFix3.txt 2012-07-30 23:53
.
Pre-Run: 184,074,973,184 bytes free
Post-Run: 184,722,046,976 bytes free
.
- - End Of File - - BB99910DAAE8D58DE7F8202B5DFC7A85
IneedYourHelp7 is offline  
Old 08-05-2012, 09:20 PM   #20
Registered Member
 
Join Date: Jul 2012
Posts: 42
OS: Windows 7 service pack 1



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 9/7/2011 3:43:03 PM
System Uptime: 8/5/2012 11:08:18 PM (0 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Pentium(R) Dual CPU E2220 @ 2.40GHz | CPU 1 | 2394/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 276 GiB total, 171.851 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP116: 7/31/2012 1:18:07 PM - Installed Zenoté Letterbox for Vegas
RP117: 7/31/2012 1:19:30 PM - Installed Zenoté Random for Vegas
RP118: 7/31/2012 1:20:50 PM - Installed Zenoté Blur for Vegas
RP120: 8/1/2012 11:43:40 PM - Shockwave Player
RP121: 8/4/2012 5:25:06 AM - Windows Update
RP122: 8/5/2012 12:29:19 PM - Installed QuickTime
RP123: 8/5/2012 10:26:19 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color Video Profiles AE CS4
Adobe Community Help
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS5.1
Adobe Reader X (10.1.3)
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Advanced SystemCare 5
Amazon Browser Bar
Apple Application Support
Apple Software Update
Application Profiles
Application Verifier
Art Effects for PDR10
Ask Toolbar
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
Battlefield 3™
Battlefield Play4Free
Bing Bar
Call of Duty: Black Ops
CCleaner
Combat Arms
Comcast Desktop Software (v1.2.1)
Constant Guard Protection Suite
Cross Fire En
Debugging Tools for Windows (x86)
DFOLauncher
Driver Manager
Dxtory 2.0.108
ESET Online Scanner v3
Eusing Free Registry Cleaner
Fraps (remove only)
Freecorder 5
Freecorder Toolbar
GamersFirst LIVE!
Google Chrome
Google Update Helper
GuardedID
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
Hide IP Easy
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
HyperCam 2
Hyperionics DB Toolbar
iMesh
Iminent
Intel(R) Graphics Media Accelerator Driver
Intel(R) Processor ID Utility
Intel(R) TV Wizard
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 4
JavaFX 2.1.0
LXH-JME2202P Hotkey driver
Magic ISO Maker v5.5 (build 0281)
MediaFire Express
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages
Microsoft DirectX SDK (June 2010)
Microsoft Help Viewer 1.0
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft SharePoint Administration Toolkit
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server VSS Writer
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 Express - ENU
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT Redists
Nexon Game Manager
node.js
Norton Security Suite
NVIDIA 3D Vision Controller Driver 301.42
NVIDIA 3D Vision Driver 301.42
NVIDIA Control Panel 301.42
NVIDIA Graphics Driver 301.42
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.8.15
NVIDIA Update Components
Origin
Pando Media Booster
PDF Settings CS5
Photoshop Camera Raw
Pixel Bender Toolkit
PowerISO
PunkBuster Services
QuickTime
RadioRage
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recuva
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Click to Call
Skype™ 5.10
Smart Defrag 2
SmartSound Quicktracks 5
Sql Server Customer Experience Improvement Program
Steam
SuddenAttack
Suite Shared Configuration CS4
SUPERAntiSpyware
swMSM
System Requirements Lab CYRI
System Requirements Lab for Intel
TeamViewer 7
Unity Web Player
Vegas Pro 11.0
Vimicro UVC Camera
Windows Movie Maker 6.1
Windows SDK IntellisenseNFX
WinRAR 4.10 (32-bit)
Wise Registry Cleaner 6.14
WiseFixer 3.2
XFINITY Toolbar
Your Product
Zenoté Blur for Vegas
Zenoté Letterbox for Vegas
Zenoté Random for Vegas
.
==== Event Viewer Messages From Past Week ========
.
8/5/2012 11:16:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 11:09:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 11:09:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/5/2012 11:09:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/5/2012 11:09:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/5/2012 11:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/5/2012 11:09:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 MpFilter SASDIFSV SASKUTIL SCDEmu spldr SRTSPX SymIRON SymNetS Wanarpv6
8/5/2012 11:09:08 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
8/5/2012 11:08:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x835d9487, 0x8f125754, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080512-21715-01.
8/5/2012 11:03:36 PM, Error: Service Control Manager [7000] - The RadioRageService service failed to start due to the following error: The system cannot find the file specified.
8/5/2012 11:03:36 PM, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the path specified.
8/5/2012 11:03:03 PM, Error: Service Control Manager [7000] - The 5016 service failed to start due to the following error: The system cannot find the file specified.
8/5/2012 10:55:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/5/2012 10:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/5/2012 10:36:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1460.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: https://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1460.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: https://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1460.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: https://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1460.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: https://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1460.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: https://go.microsoft.com/fwlink/?Link...D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:01 PM, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\NETWORK SERVICE Error Code: 0x80004004 Error description: Operation aborted
8/5/2012 10:36:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: Error code: 0x80004004 Error description: Operation aborted
8/5/2012 10:34:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/5/2012 10:34:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/5/2012 10:33:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83567487, 0xa787741c, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080512-22027-01.
8/5/2012 10:28:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
8/3/2012 4:13:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/3/2012 4:13:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
8/3/2012 10:33:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x86d1c26e, 0x8d5d7974, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080312-34101-01.
8/2/2012 9:22:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
8/2/2012 2:03:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
8/2/2012 2:03:01 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/2/2012 12:16:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/2/2012 12:16:39 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/2/2012 12:11:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x86ae726e, 0xad728974, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080212-57033-01.
8/2/2012 11:19:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
8/2/2012 11:17:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 discache eeCtrl IDSVix86 SASDIFSV SASKUTIL SCDEmu spldr SRTSPX SymIRON SymNetS Wanarpv6
8/2/2012 11:17:26 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82d04433, 0x8d51fb4c, 0x8d51f730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080212-21528-01.
7/31/2012 6:51:12 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
7/30/2012 8:43:23 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/30/2012 8:43:23 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
7/30/2012 8:39:00 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
7/29/2012 2:55:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/29/2012 2:52:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service SkypeUpdate with arguments "/ComService" in order to run the server: {CC957078-B838-47C4-A7CF-626E7A82FC58}
.
==== End Of File ===========================


All times are GMT -7.

