1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Registry Probs -Windows 7x64 Home premium

Discussion in 'Windows 7' started by artinusa, 2010/09/27.

  1. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from [color= "Red"]Here[/color] or [color= "#FF0000"]Here[/color] to your Desktop.

    [color= "Blue"]**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**[/color]
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
      • Click on [color= "Red"]this link[/color] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • [color= "Red"]WARNING:[/color] Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  2. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Says its incompatible with my system only for XP ..didnt catch the rest
     

  3. to hide this advert.

  4. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Says its incompatible with my system only for XP and workstation 2000 ..didnt catch the rest
     
  5. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oooops, it's 64-bit. Won't run there.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Thanks
     
    Last edited: 2010/09/27
  7. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Like?

    I still need OTL.txt
     
  8. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    OTL.txt


    Text far too long over 360,000 having to try and guess slit to 55000 chrs
    Please take care very sensitive information here:

    OTL logfile created on: 27/09/2010 10:45:49 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\art\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.96 Gb Total Space | 121.68 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
    Drive D: | 11.70 Gb Total Space | 2.14 Gb Free Space | 18.25% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 232.78 Gb Total Space | 43.98 Gb Free Space | 18.89% Space Free | Partition Type: NTFS
    Drive H: | 232.88 Gb Total Space | 81.61 Gb Free Space | 35.04% Space Free | Partition Type: NTFS
    I: Drive not present or media not loaded

    Computer Name: ART-PC
    Current User Name: art
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/27 22:41:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\art\Desktop\OTL.exe
    PRC - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2009/12/08 16:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
    PRC - [2009/03/12 22:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything 2\Everything.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/27 22:41:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\art\Desktop\OTL.exe
    MOD - [2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
    MOD - [2010/03/08 18:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
    MOD - [2009/10/20 19:35:08 | 000,154,128 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\scrchpg.dll
    MOD - [2009/10/20 19:34:54 | 000,033,808 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klscav.dll
    MOD - [2009/07/13 22:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
    MOD - [2009/07/13 22:16:19 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wmiutils.dll
    MOD - [2009/07/13 22:16:17 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbemcomn.dll
    MOD - [2009/07/13 22:16:17 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemdisp.dll
    MOD - [2009/07/13 22:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemsvc.dll
    MOD - [2009/07/13 22:16:17 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\wbemprox.dll
    MOD - [2009/07/13 22:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sxs.dll
    MOD - [2009/07/13 22:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
    MOD - [2009/07/13 22:16:11 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdsapi.dll
    MOD - [2009/07/13 22:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
    MOD - [2009/07/13 22:15:21 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fltLib.dll
    MOD - [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\fastprox.dll
    MOD - [2009/07/13 22:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
    MOD - [2009/06/10 18:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\nlssrv32.exe -- (nlsX86cc)
    SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - [2010/05/11 22:42:42 | 002,532,680 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
    SRV:64bit: - [2009/11/04 12:25:35 | 001,038,088 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/10/23 04:44:42 | 002,430,304 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV:64bit: - [2009/08/10 17:01:06 | 000,206,880 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:64bit: - [2009/07/13 22:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
    SRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WinDefend)
    SRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Pml Driver HPZ12)
    SRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (Net Driver HPZ12)
    SRV:64bit: - [2009/03/27 15:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV - [2010/09/22 22:51:05 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
    SRV - [2010/08/18 14:23:47 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
    SRV - [2010/07/28 00:06:35 | 000,008,192 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010/04/29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' 142\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/23 18:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/12/08 16:10:24 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
    SRV - [2009/11/13 16:18:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/11/05 22:37:32 | 002,326,920 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2009/09/12 17:32:46 | 000,891,432 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/09/01 17:32:12 | 000,087,344 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
    SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/05/22 15:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/20 15:49:48 | 000,325,632 | ---- | M] (Nakido) [Disabled | Stopped] -- C:\Program Files (x86)\Nakido\nakido.exe -- (Nakido)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/09/16 13:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2005/11/17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
    DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
    DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV:64bit: - File not found [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV:64bit: - [2010/06/11 13:51:38 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/04/09 01:25:40 | 000,019,840 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
    DRV:64bit: - [2009/11/11 16:35:26 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
    DRV:64bit: - [2009/11/05 23:21:55 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/11/05 22:37:33 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2009/11/05 22:37:29 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV:64bit: - [2009/11/05 22:37:27 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2009/11/05 22:37:12 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2009/11/03 16:33:44 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
    DRV:64bit: - [2009/10/20 10:04:36 | 000,051,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
    DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
    DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
    DRV:64bit: - [2009/09/21 21:26:10 | 000,054,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
    DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
    DRV:64bit: - [2009/08/13 16:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/07/31 01:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 17:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/12/09 11:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
    DRV - [2010/05/06 17:10:20 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/02/10 18:23:10 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_CA&c=94&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search "
    FF - prefs.js..browser.search.defaulturl: "http://www.chameleonsearch.com/search.php?src=tops&q= "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial "
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
    FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
    FF - prefs.js..extensions.enabledItems: {1f91cde0-c040-11da-a94d-0800200c9a66}:3.2.2
    FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2
    FF - prefs.js..extensions.enabledItems: Dcurrency@Dcurrency.fr:0.4.0
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
    FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.6.0
    FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
    FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    FF - prefs.js..extensions.enabledItems: {d9b25e30-c1cf-11de-8a39-0800200c9a66}:3.6.4
    FF - prefs.js..keyword.URL: "http://www.google.com.my/search?q= "
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/07/06 21:50:37 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/07 22:42:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 3.6\components [2010/09/25 00:21:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 3.6\plugins [2010/09/26 16:19:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/09/19 17:46:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/09/01 14:57:22 | 000,000,000 | ---D | M]

    [2010/06/25 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Extensions
    [2010/06/25 13:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/05/12 12:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2009/11/07 11:57:35 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/02/22 14:32:18 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
    [2009/12/06 16:48:50 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Dcurrency@Dcurrency.fr
    [2010/04/28 12:08:25 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
    [2010/02/22 14:32:18 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins
    [2010/04/28 12:08:26 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/04/28 12:08:26 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\jdsp3e14.default\extensions
    [2010/04/28 12:08:27 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\jdsp3e14.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/09/27 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions
    [2010/09/20 20:51:21 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/07/14 23:00:01 | 000,000,000 | ---D | M] (RSS Ticker) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}
    [2010/07/14 23:00:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}-trash
    [2010/09/11 16:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/08/17 16:20:37 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
    [2010/06/21 22:32:34 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
    [2010/09/23 09:53:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/02/21 23:23:14 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
    [2010/02/22 15:40:20 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
    [2010/03/22 11:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{a756d17a-5a4c-4417-813c-c8cd0151e486}
    [2010/02/21 23:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
    [2010/08/18 19:50:08 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2010/08/18 19:50:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/08/26 20:24:44 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/08/09 00:19:24 | 000,000,000 | ---D | M] (Aero Fox III) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}
    [2010/07/12 20:44:39 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/04/09 09:59:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/05/13 22:46:59 | 000,000,000 | ---D | M] (UnMHT) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
    [2010/04/16 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\Dcurrency@Dcurrency.fr
    [2010/06/26 09:53:36 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\netvideohunter@netvideohunter.com
    [2010/08/09 00:19:10 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\opensearch@ask.com
    [2010/08/20 23:59:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\browser\extensions
    [2010/08/20 23:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\mac\mozapps\extensions
    [2010/08/20 23:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\browser\extensions
    [2010/08/09 00:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\extensions\{d9b25e30-c1cf-11de-8a39-0800200c9a66}\chrome\win\mozapps\extensions
    [2010/05/12 12:21:32 | 000,000,000 | ---D | M] -- C:\Users\art\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5150vrgg.default\extensions
    [2010/07/02 16:03:22 | 000,002,059 | ---- | M] () -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\searchplugins\daemon-search.xml
    [2010/02/22 15:36:21 | 000,001,218 | ---- | M] () -- C:\Users\art\AppData\Roaming\Mozilla\Firefox\Profiles\xdcfba3t.Default User\searchplugins\the-register-website.xml
    [2010/08/26 16:08:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/01/29 13:28:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2009/12/21 02:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/09/26 14:40:54 | 000,008,912 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: Copyright (c) 1993-1999 Microsoft Corp.
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 119.42.146.35
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 ad.doubleclick.net
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
    O1 - Hosts: 156 more lines...
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' 142\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RegistryMechanic] File not found
    O4 - Startup: C:\Users\art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegVac.lnk = C:\Program Files (x86)\RegVac Registry Cleaner\regvac.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyGames = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
     
  9. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Nero issues

    I appreciate your help
     
    Last edited: 2010/09/27
  10. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Is there any other way I can do this I hate showing all these details online..its not secure..

    I am wide open for all sorts of probs if this is data is used by the wrong persons..do you understand?
     
    Last edited: 2010/09/27
  11. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    I will wait for a reassurance that this data is private..
     
  12. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I just PMed you.
    You can edit/delete both OTL.txt parts, you posted.
     
  13. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [HKEY_CLASSES_ROOT\.ape]
      @=-
      [-HKEY_CLASSES_ROOT\.ape\Nero.MediaHub.10.ape.1]
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  14. 2010/09/27
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Completed.. thnaks...last line is interesting


    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_CLASSES_ROOT\.ape\\@ not found.
    Registry delete failed. HKEY_CLASSES_ROOT\.ape\Nero.MediaHub.10.ape.1\ scheduled to be deleted on reboot.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: ADMINI~1
    ->Temp folder emptied: 32142 bytes

    User: All Users

    User: AppData

    User: art
    ->Temp folder emptied: 3649686987 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 15493866 bytes
    ->FireFox cache emptied: 60000447 bytes
    ->Flash cache emptied: 710 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Taxes Art and Donna 2009 and before

    User: webpage idea multi drop

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 123805187 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 262840 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49664 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54969 bytes
    RecycleBin emptied: 78 bytes

    Total Files Cleaned = 3,671.00 mb


    [EMPTYFLASH]

    User: ADMINI~1

    User: All Users

    User: AppData

    User: art
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Taxes Art and Donna 2009 and before

    User: webpage idea multi drop

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.14.1 log created on 09282010_002555

    Files\Folders moved on Reboot...
    C:\Users\art\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_CLASSES_ROOT\.ape\Nero.MediaHub.10.ape.1\ scheduled to be deleted on reboot.
     
  15. 2010/09/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See, if this:
    HKEY_CLASSES_ROOT\.ape\Nero.MediaHub.10.ape.1
    is still in your registry.
     
  16. 2010/09/28
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Sadly it is still there along with all the others and a bunch of new ones not related to Nero..can not tell.....all that work you did seems to have been negated..I just wonder how the entries got to be in there...

    Is there anyway that hive can be deleted and set to a rebuilt to default or is it sort of live and gets built as programs register.

    I have some very old full reg files would there be any purpose trying to use them..does the information in the registry backup file get replaced or simply merged..? I have only one new restore point
     
  17. 2010/09/28
    markmadras

    markmadras Banned

    Joined:
    2010/08/23
    Messages:
    1,529
    Likes Received:
    105
    I've just successfully uninstalled Nero 10 and installed Nero 8 with no problems.

    Sorry it's a bit late in the day but this may solve your problem.

    It seemed odd to me that there is a Nero uninstall/clean tool for previous versions but not one for Nero 10. Then I found out why, there is an uninstall feature built in to the installation disc. You will probably have to reinstall in order to use this now. The choice to install or uninstall appears during the early part of the installation process, about 5 minutes into the task.

    Having uninstalled I then ran Windows 7 manager to do a registry clean and it found all the remaining Nero registry entries and deleted them without a hitch.

    As far as I could see the only entry left in the registry was INero..... can't remember the rest of it.

    I think the Nero clean tool is for earlier versions.

    Your problem now will probably be trying to re-install so that you can run the uninstall, not sure what will happen if you try to run uninstall without the full application being installed. Atleast my experience may help in the future.

    Perhaps a 'system restore' will get you back to square one.
     
    Last edited: 2010/09/28
  18. 2010/09/28
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Thank for the info I am sure I can use that at some time..meanwhile I am stuck with some Nero keys ..Broni has worked hard with me on this and perhaps soon we may have a result..watch this space..
     
  19. 2010/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Something strange here....

    Let's see, if we can remove a whole key.
    Create new restore point.

    Run OTL
    • Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_CLASSES_ROOT\.ape]
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the [color= "#FF0000"]Run Fix[/color] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  20. 2010/09/28
    artinusa

    artinusa Inactive Thread Starter

    Joined:
    2009/12/07
    Messages:
    42
    Likes Received:
    0
    Nero Issues

    The OTL is sitting at the .ape key and doing nothing..this is a different computer..how long should I let it sit like this..not responding


    The windows error faded pale screen has just appeared..with OTl showing 'not responding' at the top

    I am going to stop the program..its still showing 'not responding' with the pale windows 7 error screen superimposed..been stuck on .ape key since the start 25 mins ago
     
    Last edited: 2010/09/28
  21. 2010/09/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    See, if you can do it from safe mode.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.