I have Essential Cleaner ANTIVIRUS on my computer..

Post by dragonfell on Sat 07 May 2011, 10:25 am

Hi, I have Essential Cleaner ANTIVIRUS on my computer. I've read other posts but have no idea how to fix this problem. Any help would be appreciated. I ran ComboFix and this is what I got in the log file, if it is any help:
ComboFix 11-05-06.03 - Jon and Heather 05/06/2011 18:11:18.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2198 [GMT -5:00]
Running from: c:\users\Jon and Heather\Desktop\Com-boFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files (x86)\Dealio Toolbar\FF\install.rdf
c:\program files (x86)\Dealio Toolbar\IE\4.3\config.ini
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\program files (x86)\Uninstall.exe
c:\programdata\oP01804NcDkI01804
c:\programdata\oP01804NcDkI01804\oP01804NcDkI01804
c:\programdata\oP01804NcDkI01804\oP01804NcDkI01804.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 23:16 . 2011-05-06 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-06 22:45 . 2011-05-06 22:45 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{E0A5CC01-175B-48E1-99B7-CC887502D24D}
2011-05-03 17:42 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29314116-EFDA-4609-A3DD-92F86AD62908}\mpengine.dll
2011-05-02 17:44 . 2011-05-02 17:44 -------- d-----w- c:\users\Jon and Heather\AppData\Local\VS Revo Group
2011-05-02 17:43 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-02 17:43 . 2011-05-02 17:43 -------- d-----w- c:\program files\VS Revo Group
2011-05-02 02:54 . 2011-05-02 02:54 -------- d-----w- c:\program files\Logitech
2011-04-30 17:09 . 2011-04-30 17:09 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{10D6BBC7-284D-49ED-87E2-CFCB5F48F44A}
2011-04-27 19:57 . 2011-04-27 20:39 -------- d-----w- c:\users\Jon and Heather\AppData\Local\ImprudenceExperimental
2011-04-27 19:57 . 2011-04-27 20:05 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\Imprudence
2011-04-27 19:55 . 2011-04-27 19:56 -------- d-----w- c:\program files (x86)\ImprudenceExperimental
2011-04-27 11:47 . 2011-04-27 11:47 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{6821BBF7-0C65-42AF-B994-B7E9984FF7D1}
2011-04-26 23:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-26 23:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-26 23:47 . 2011-04-26 23:47 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{D6E047A3-6B35-448A-B684-04DA9A224732}
2011-04-26 17:19 . 2011-04-26 17:19 -------- d-----w- c:\program files (x86)\Lavalys
2011-04-20 05:43 . 2011-04-20 05:43 -------- d-----w- c:\users\Jon and Heather\AppData\Local\DDMSettings
2011-04-20 05:42 . 2011-04-22 05:12 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\DivX
2011-04-20 05:41 . 2011-04-20 05:41 -------- d-----w- c:\program files\DivX
2011-04-20 05:41 . 2011-04-20 05:41 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-04-20 05:39 . 2011-04-20 05:42 -------- d-----w- c:\program files (x86)\DivX
2011-04-20 05:39 . 2011-04-20 05:42 -------- d-----w- c:\programdata\DivX
2011-04-20 05:37 . 2011-04-20 05:37 -------- d-----w- c:\program files (x86)\FoxTabFlvPlayer
2011-04-13 08:30 . 2011-04-13 08:30 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{5E7FCA4F-43D4-42A5-B522-8AC86E76179D}
2011-04-13 05:46 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 05:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 05:46 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 05:46 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 05:46 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 05:44 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-13 05:44 . 2011-03-08 06:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 05:44 . 2011-03-08 05:28 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-13 05:44 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-04-13 05:44 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-04-13 05:44 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-04-13 05:44 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-13 05:44 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-04-13 05:44 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-04-13 05:44 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-04-13 05:44 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-13 05:43 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 05:43 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 05:43 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 05:43 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-07 23:10 . 2011-04-07 23:10 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\Registry Mechanic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 03:43 . 2011-02-07 22:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-11 22:42 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-26 23:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 23:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-24 23:35 . 2011-02-24 23:34 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2011-02-24 23:30 . 2011-02-24 23:30 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-02-24 23:30 . 2011-02-24 23:30 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-24 23:30 . 2011-02-24 23:30 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-23 23:12 . 2011-02-23 23:12 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-02-23 22:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 22:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 20:33 . 2011-02-19 20:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-19 12:05 . 2011-03-08 23:37 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-08 23:37 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-08 23:37 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-08 23:37 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-08 23:37 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-09 18:35 . 2011-02-09 18:35 4792832 ----a-w- c:\windows\system32\ffdshow.ax
2011-02-09 17:48 . 2011-02-09 17:48 4300631 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-09 17:09 . 2011-02-09 17:09 990892 ----a-w- c:\windows\system32\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\SysWow64\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\SysWow64\FLT_ffdshow.dll
2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\SysWow64\ffdshow.ax
2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2011-01-29 04:14 . 2005-12-07 12:48 4573184 ----a-w- c:\program files (x86)\SAMBC.exe
2005-12-09 05:51 . 2011-01-29 04:13 10240 ----a-w- c:\program files (x86)\sam.broadcaster.3.x.x.crack-tsrh.exe
2005-12-07 12:48 . 2011-01-29 04:14 4573184 ----a-w- c:\program files (x86)\SAMBC.exe.BAK
2004-12-12 16:05 . 2011-01-29 04:06 1523796 ----a-w- c:\program files (x86)\fbclient.dll
2004-10-17 15:11 . 2004-10-17 15:11 213 ----a-w- c:\program files (x86)\restore_firebird.bat
2000-08-28 18:19 . 2011-01-29 04:06 401462 ----a-w- c:\program files (x86)\msvcp60.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 03:58 3913000 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-14 03:58 3913000 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"RegistryMechanic"="c:\program files (x86)\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2010-11-12 338296]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-24 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-02-23 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-03 1038088]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\Jon and Heather\AppData\Roaming\Mozilla\Firefox\Profiles\2lskmci7.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49167
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-SAM3 - c:\program files (x86)\uninstall.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{4183655A-5FC6-4A23-A804-7764145EC57C}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.0"
"UniqueId"="0012000F4D41CA2F"
"ScannerBuild"=dword:00001672
"ScannerVersionId"=dword:00001175
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-06 18:18:18
ComboFix-quarantined-files.txt 2011-05-06 23:18
.
Pre-Run: 144,897,187,840 bytes free
Post-Run: 146,088,402,944 bytes free
.
- - End Of File - - F65E1D7B0C32D9F1AAAFF5360767ACC7

dragonfell

Unborn

Posts : 4
Joined : 2011-05-07
Operating System : windows 7 64

Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by Belahzur on Sun 08 May 2011, 12:47 am

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Firefox::
    FF - ProfilePath - c:\users\Jon and Heather\AppData\Roaming\Mozilla\Firefox\Profiles\2lskmci7.default\
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 49167
    FF - prefs.js: network.proxy.type - 0
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by dragonfell on Sun 08 May 2011, 7:56 am

Here is the updated log

ComboFix 11-05-06.05 - Jon and Heather 05/07/2011 15:49:38.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2092 [GMT -5:00]
Running from: c:\users\Jon and Heather\Desktop\Com-boFix.exe
Command switches used :: c:\users\Jon and Heather\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-07 20:53 . 2011-05-07 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-07 20:47 . 2011-05-07 20:48 -------- d-----w- C:\Com-boFix
2011-05-07 00:38 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27E11ECC-0793-4A90-A7DE-2CE35FCD9DE0}\mpengine.dll
2011-05-06 23:21 . 2011-05-06 23:21 -------- d-----w- C:\_OTL
2011-05-06 22:45 . 2011-05-06 22:45 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{E0A5CC01-175B-48E1-99B7-CC887502D24D}
2011-05-02 17:44 . 2011-05-02 17:44 -------- d-----w- c:\users\Jon and Heather\AppData\Local\VS Revo Group
2011-05-02 17:43 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-05-02 17:43 . 2011-05-02 17:43 -------- d-----w- c:\program files\VS Revo Group
2011-05-02 02:54 . 2011-05-02 02:54 -------- d-----w- c:\program files\Logitech
2011-04-30 17:09 . 2011-04-30 17:09 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{10D6BBC7-284D-49ED-87E2-CFCB5F48F44A}
2011-04-27 19:57 . 2011-04-27 20:39 -------- d-----w- c:\users\Jon and Heather\AppData\Local\ImprudenceExperimental
2011-04-27 19:57 . 2011-04-27 20:05 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\Imprudence
2011-04-27 19:55 . 2011-04-27 19:56 -------- d-----w- c:\program files (x86)\ImprudenceExperimental
2011-04-27 11:47 . 2011-04-27 11:47 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{6821BBF7-0C65-42AF-B994-B7E9984FF7D1}
2011-04-26 23:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-26 23:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-26 23:47 . 2011-04-26 23:47 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{D6E047A3-6B35-448A-B684-04DA9A224732}
2011-04-26 17:19 . 2011-04-26 17:19 -------- d-----w- c:\program files (x86)\Lavalys
2011-04-20 05:43 . 2011-04-20 05:43 -------- d-----w- c:\users\Jon and Heather\AppData\Local\DDMSettings
2011-04-20 05:42 . 2011-04-22 05:12 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\DivX
2011-04-20 05:41 . 2011-04-20 05:41 -------- d-----w- c:\program files\DivX
2011-04-20 05:41 . 2011-04-20 05:41 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2011-04-20 05:39 . 2011-04-20 05:42 -------- d-----w- c:\program files (x86)\DivX
2011-04-20 05:39 . 2011-04-20 05:42 -------- d-----w- c:\programdata\DivX
2011-04-20 05:37 . 2011-04-20 05:37 -------- d-----w- c:\program files (x86)\FoxTabFlvPlayer
2011-04-13 08:30 . 2011-04-13 08:30 -------- d-----w- c:\users\Jon and Heather\AppData\Local\{5E7FCA4F-43D4-42A5-B522-8AC86E76179D}
2011-04-13 05:46 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 05:46 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 05:46 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-04-13 05:46 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-13 05:46 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 05:44 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-13 05:44 . 2011-03-08 06:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 05:44 . 2011-03-08 05:28 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-13 05:44 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2011-04-13 05:44 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2011-04-13 05:44 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll
2011-04-13 05:44 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-04-13 05:44 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe
2011-04-13 05:44 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi
2011-04-13 05:44 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe
2011-04-13 05:44 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-13 05:43 . 2011-02-23 04:56 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 05:43 . 2011-02-23 04:55 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 05:43 . 2011-02-23 04:55 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 05:43 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-07 23:10 . 2011-04-07 23:10 -------- d-----w- c:\users\Jon and Heather\AppData\Roaming\Registry Mechanic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-02 03:43 . 2011-02-07 22:21 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-03-11 22:42 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-26 23:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 23:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-24 23:35 . 2011-02-24 23:34 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2011-02-24 23:30 . 2011-02-24 23:30 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-02-24 23:30 . 2011-02-24 23:30 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-02-24 23:30 . 2011-02-24 23:30 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-02-23 23:12 . 2011-02-23 23:12 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-02-23 22:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-23 22:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 20:33 . 2011-02-19 20:33 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-02-19 12:05 . 2011-03-08 23:37 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-08 23:37 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-08 23:37 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-08 23:37 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-08 23:37 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-09 18:35 . 2011-02-09 18:35 4792832 ----a-w- c:\windows\system32\ffdshow.ax
2011-02-09 17:48 . 2011-02-09 17:48 4300631 ----a-w- c:\windows\system32\ffmpeg.dll
2011-02-09 17:09 . 2011-02-09 17:09 990892 ----a-w- c:\windows\system32\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 925667 ----a-w- c:\windows\SysWow64\ffmpegmt.dll
2011-02-07 18:00 . 2011-02-07 18:00 721798 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-02-07 18:00 . 2011-02-07 18:00 65024 ----a-w- c:\windows\SysWow64\FLT_ffdshow.dll
2011-02-07 18:00 . 2011-02-07 18:00 3669504 ----a-w- c:\windows\SysWow64\ffdshow.ax
2011-02-07 18:00 . 2011-02-07 18:00 336384 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2011-02-07 18:00 . 2011-02-07 18:00 324096 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 216576 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2011-02-07 18:00 . 2011-02-07 18:00 1529856 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2011-02-07 18:00 . 2011-02-07 18:00 151552 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2011-02-07 18:00 . 2011-02-07 18:00 145408 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
2011-02-07 18:00 . 2011-02-07 18:00 140800 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2011-02-07 18:00 . 2011-02-07 18:00 121856 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2011-02-07 18:00 . 2011-02-07 18:00 100864 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2011-02-07 17:45 . 2011-02-07 17:45 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-02-07 17:39 . 2011-02-07 17:39 4166551 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2011-01-29 04:14 . 2005-12-07 12:48 4573184 ----a-w- c:\program files (x86)\SAMBC.exe
2005-12-09 05:51 . 2011-01-29 04:13 10240 ----a-w- c:\program files (x86)\sam.broadcaster.3.x.x.crack-tsrh.exe
2005-12-07 12:48 . 2011-01-29 04:14 4573184 ----a-w- c:\program files (x86)\SAMBC.exe.BAK
2004-12-12 16:05 . 2011-01-29 04:06 1523796 ----a-w- c:\program files (x86)\fbclient.dll
2004-10-17 15:11 . 2004-10-17 15:11 213 ----a-w- c:\program files (x86)\restore_firebird.bat
2000-08-28 18:19 . 2011-01-29 04:06 401462 ----a-w- c:\program files (x86)\msvcp60.dll
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2011-01-27 19:28 . 2011-05-06 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-27 19:28 . 2011-05-07 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-27 19:28 . 2011-05-07 20:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-27 19:28 . 2011-05-06 23:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-14 03:58 3913000 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-11-14 03:58 3913000 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-11-14 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-14 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"RegistryMechanic"="c:\program files (x86)\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2010-11-12 338296]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2011-02-24 557056]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-02-23 21712]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-02-03 1038088]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2716216]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\users\Jon and Heather\AppData\Roaming\Mozilla\Firefox\Profiles\2lskmci7.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{4183655A-5FC6-4A23-A804-7764145EC57C}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.468.0"
"UniqueId"="0012000F4D41CA2F"
"ScannerBuild"=dword:00001672
"ScannerVersionId"=dword:00001175
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player"
"Version"="12,0,7601,17514"
"IsInstalled"=dword:00000000
"ComponentID"="WMPACCESS"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"
"DontAsk"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
@="Internet Explorer"
"Version"="8,0,7100,0"
"IsInstalled"=dword:00000001
"ComponentID"="IEACCESS"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-21"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig"
"Dontask"=dword:00000002
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
@="Browser Customizations"
"IsInstalled"=dword:00000001
"Version"="8,0,7100,0"
"ComponentiD"="BRANDING.CAB"
"LocalizedName"="@c:\\Windows\\SysWOW64\\iedkcs32.dll,-3052"
"StubPath"="\"c:\\Windows\\SysWOW64\\rundll32.exe\" \"c:\\Windows\\SysWOW64\\iedkcs32.dll\",BrandIEActiveSetup SIGNUP"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@="Java (Sun)"
"ComponentID"="JAVAVM"
"IsInstalled"=dword:00000001
"KeyFileName"="c:\\Program Files (x86)\\Java\\jre6\\bin\\regutils.dll"
"Version"="5,0,5000,0"
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
@="LightScribe Control Panel"
"Version"="1,5,0,0"
"StubPath"="\"c:\\Program Files (x86)\\Common Files\\LightScribe\\LSRunOnce.exe\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
@="Microsoft Windows Media Player 12.0"
"IsInstalled"=dword:00000001
"Version"="12,0,7601,17514"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
@="Themes Setup"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\themeui.dll,-2682"
"ComponentID"="Theme Component"
"IsInstalled"=dword:00000001
"Locale"="EN"
"StubPath"=expand:"%SystemRoot%\\system32\\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\\system32\\themeui.dll"
"Version"="1,1,1,9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
@="Offline Browsing Pack"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="MobilePk"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"IsInstalled"=dword:00000001
"Dontask"=dword:00000002
"Locale"="*"
"ComponentID"="MailNews"
"CloneUser"=dword:00000001
"StubPath"=expand:"\"%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe\" OCInstallUserConfigOE"
"Version"="6,1,7601,17514"
@="Microsoft Windows"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
@="DirectDrawEx"
"ComponentID"="DirectDrawEx"
"IsInstalled"=dword:00000001
"Locale"="*"
"Version"="4,71,1113,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
@="Internet Explorer Help"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="HelpCont"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
@="Microsoft Windows Script 5.6"
"ComponentID"="MSVBScript"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,6,0,8833"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
@="Internet Explorer Setup Tools"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="GenSetup"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
"KeyFileName"=expand:"%SystemRoot%\\system32\\msieftp.dll"
@="Browsing Enhancements"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="ExtraPack"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
@="Microsoft Windows Media Player"
"IsInstalled"=dword:00000001
"Version"="12,0,7601,17514"
"ComponentID"="Microsoft Windows Media Player"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\wmploc.dll,-128"
"StubPath"=expand:"%SystemRoot%\\system32\\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI"
"DontAsk"=dword:00000002
"Locale"="EN"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
@="MSN Site Access"
"IsInstalled"=dword:00000001
"Version"="4,9,9,2"
"ComponentID"="MSN_Auth"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
@="Address Book 7"
"Version"="6,1,7601,17514"
"IsInstalled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
@=".NET Framework"
"Locale"=""
"ComponentID"=".NETFramework"
"Version"="2,0,50727,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
@="Windows Desktop Update"
"LocalizedName"=expand:"@%SystemRoot%\\system32\\shell32.dll,-32969"
"ComponentID"="IE4_SHELLID"
"IsInstalled"=dword:00000001
"Locale"="en"
"StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll"
"Version"="6,1,7601,17514"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
@="Web Platform Customizations"
"IsInstalled"=dword:00000001
"Version"="8,0,7100,0"
"ComponentID"="BASEIE40_W2K"
"LocalizedName"="@c:\\Windows\\SysWOW64\\ie4uinit.exe,-2000"
"StubPath"="c:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings"
"Locale"="en"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
"IsInstalled"=dword:00000001
"ComponentID"="DOTNETFRAMEWORKS"
"StubPath"="c:\\Windows\\SysWOW64\\Rundll32.exe c:\\Windows\\SysWOW64\\mscories.dll,Install"
"DontAsk"=dword:00000002
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
@="Dynamic HTML Data Binding"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17514"
"ComponentID"="Tridata"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}]
@="Internet Explorer Core Fonts"
"IsInstalled"=dword:00000001
"Version"="8,0,7601,17136"
"ComponentID"="Fontcore"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
@="HTML Help"
"IsInstalled"=dword:00000001
"Version"="6,1,7601,17514"
"ComponentID"="HTMLHelp"
"Locale"="*"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"
"IsInstalled"=dword:00000001
"Version"="10.0.0.1270"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
@="Active Directory Service Interface"
"ComponentID"="ADSI"
"IsInstalled"=dword:00000001
"Locale"="EN"
"Version"="5,0,00,0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
"Locale"=""
"Version"="4,0,30319,0"
"ComponentID"=".NETFramework"
@=".NET Framework"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-07 15:55:12
ComboFix-quarantined-files.txt 2011-05-07 20:55
ComboFix2.txt 2011-05-06 23:18
.
Pre-Run: 146,102,308,864 bytes free
Post-Run: 146,054,152,192 bytes free
.
- - End Of File - - 01B643AE9700310D24374BF3156CBEED

dragonfell

Unborn

Posts : 4
Joined : 2011-05-07
Operating System : windows 7 64


Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by Belahzur on Tue 10 May 2011, 6:48 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by dragonfell on Tue 10 May 2011, 9:49 am

Belahzur
For some reason I can't get the ESET Online Scanner to run. It won't show me the ActiveX pop-up after I check YES, I accept the Terms of Use.

I click Start and it does nothing. Any suggestions? I really appreciate your help.


Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by Belahzur on Wed 11 May 2011, 1:38 am

Hello.
Okay, let's do this instead.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by dragonfell on Wed 11 May 2011, 8:28 am

µTorrent
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.0.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIDA64 Extreme Edition v1.50
Anime Studio Pro 5.6
Avination Viewer
Canon My Printer
Conduit Engine
Connect
D3DX10
Darkest Hour Server
Darkest Hour: Europe '44-'45
Dealio Toolbar v4.3
DivX Setup
EVEREST Ultimate Edition v5.50
Firebird 2.5.0.26074 (Win32)
FoxTab FLV Player (remove only)
FreeArc 0.666
HD Tune Pro 4.60
HiJackThis
Imprudence Viewer 1.4.0 Experimental 2011.04.19
Java(TM) 6 Update 24
kuler
LG CyberLink LabelPrint
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink PowerProducer
LG CyberLink YouCam
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LG Power Tools
LightScribe System Software
Logitech Vid HD
Mare Nostrum
Media Player Codec Pack 3.9.8
Messenger Companion
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MozBackup 1.4.10
Mozilla Firefox 4.0.1 (x86 en-US)
MSI to redistribute MS VS2005 CRT libraries
MSVCRT
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
PDF Settings CS4
Phoenix Viewer 1.5.2.1050
Photoshop Camera Raw
PowerISO
Red Orchestra: Ostfront 41-45
RedOrchestra SDK Beta
Registry Mechanic 9.0
SAM3 (remove only)
Search Toolbar
SecondLifeViewer2 (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SHOUTcast DSP Plug-in v2
Steam
Suite Shared Configuration CS4
Uniblue DriverScanner
Unknown Device Identifier 7.00
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinZip 15.0
Yahoo! Messenger
ZBrush 4
ZBrush 4


dragonfell

Unborn

Posts : 4
Joined : 2011-05-07
Operating System : windows 7 64


Re: I have Essential Cleaner ANTIVIRUS on my computer..

Post by Belahzur on Wed 11 May 2011, 8:46 am

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    µTorrent
    uTorrentBar Toolbar

  • Click on the Uninstall/Change button at the top.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) the Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
