Jump to content

phoney6

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. OTCleanIt didn't remove HyjackThis, ADW or JRT, but I got them uninstalled by other methods. Thanks for all your help.
  2. No problems running the scans and the computer still seems to be better. Logs below... MBAB-log Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.30.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Denver :: DENVER-HP [administrator] 10/29/2013 9:56:42 PM mbam-log-2013-10-29 (21-56-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 202570 Time elapsed: 3 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ******************************************** ******************************************** ******************************************** Hyjack This Log... Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:01:32 PM, on 10/29/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Denver\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun O4 - HKLM\..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_59F273143038766BA4D32116667DDF5A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11784 bytes
  3. No problems running the script and I still have not had any new issue with the computer. Log below... ComboFix 13-10-28.01 - Denver 10/29/2013 19:51:45.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2059 [GMT -4:00] Running from: c:\users\Denver\Desktop\ComboFix.exe Command switches used :: c:\users\Denver\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Sendori c:\program files (x86)\Sendori\DynLib.dll c:\program files (x86)\Sendori\freebl3.dll c:\program files (x86)\Sendori\install.log c:\program files (x86)\Sendori\Interop.PCProxyLib.dll c:\program files (x86)\Sendori\libnspr4.dll c:\program files (x86)\Sendori\libplc4.dll c:\program files (x86)\Sendori\libplds4.dll c:\program files (x86)\Sendori\nss3.dll c:\program files (x86)\Sendori\nssckbi.dll c:\program files (x86)\Sendori\nssdbm3.dll c:\program files (x86)\Sendori\nssutil3.dll c:\program files (x86)\Sendori\PAD_FILE.xml c:\program files (x86)\Sendori\sendori-win-upgrader.exe c:\program files (x86)\Sendori\Sendori.dll c:\program files (x86)\Sendori\Sendori.Library.dll c:\program files (x86)\Sendori\Sendori.Service.exe c:\program files (x86)\Sendori\sendori32.sys c:\program files (x86)\Sendori\sendori32.sys.win7 c:\program files (x86)\Sendori\SendoriControl.exe c:\program files (x86)\Sendori\SendoriLSP.exe c:\program files (x86)\Sendori\SendoriLSP.ini c:\program files (x86)\Sendori\SendoriLSP64.exe c:\program files (x86)\Sendori\SendoriSvc.exe c:\program files (x86)\Sendori\SendoriTray.exe c:\program files (x86)\Sendori\SendoriUp.exe c:\program files (x86)\Sendori\smime3.dll c:\program files (x86)\Sendori\sndappv2.exe c:\program files (x86)\Sendori\SndCertDLL.dll c:\program files (x86)\Sendori\softokn3.dll c:\program files (x86)\Sendori\SpOrder.dll c:\program files (x86)\Sendori\sqlite3.dll c:\program files (x86)\Sendori\ssl3.dll c:\program files (x86)\Sendori\Uninstall.exe c:\programdata\Sendori c:\programdata\Sendori\config.sendori c:\programdata\Sendori\Logo.ico c:\programdata\Sendori\sendori.log . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_Application Sendori -------\Service_Service Sendori -------\Service_sndappv2 -------\Service_Application Sendori -------\Service_Service Sendori -------\Service_sndappv2 . . ((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-30 ))))))))))))))))))))))))))))))) . . 2013-10-30 00:18 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{469005AF-A9A3-4035-BEBF-F1950F64B08C}\mpengine.dll 2013-10-30 00:04 . 2013-10-30 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-29 01:38 . 2013-10-29 01:38 -------- d-----w- c:\windows\ERUNT 2013-10-29 01:32 . 2013-10-29 01:34 -------- d-----w- C:\AdwCleaner 2013-10-29 00:02 . 2013-10-14 07:12 10280728 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\program files\Image Resizer for Windows 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\program files (x86)\Image Resizer for Windows 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\programdata\Package Cache 2013-10-24 23:56 . 2013-10-24 23:56 -------- d-----w- c:\programdata\Nikon 2013-10-21 00:12 . 2013-10-21 00:12 -------- d-----w- c:\windows\Downloaded Installations 2013-10-21 00:12 . 2013-10-21 00:12 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2013-10-21 00:11 . 2013-10-21 00:12 -------- d-----w- c:\program files\Common Files\Nikon 2013-10-21 00:11 . 2013-10-21 00:13 -------- d-----w- c:\program files (x86)\Nikon 2013-10-21 00:11 . 2013-10-21 00:11 -------- d-----w- c:\program files\Nikon 2013-10-21 00:10 . 2013-10-21 00:12 -------- d-----w- c:\programdata\Ultima_T15 2013-10-21 00:10 . 2013-10-21 00:12 -------- d-----w- c:\programdata\EnterNHelp 2013-10-20 16:58 . 2013-10-20 16:58 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-10-18 16:48 . 2013-10-18 16:48 -------- d-----w- c:\program files\7-Zip 2013-10-18 02:39 . 2013-10-18 02:38 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E30742C-E8C4-4FF0-9568-FD673D187C4D}\gapaengine.dll 2013-10-18 02:39 . 2013-10-13 13:10 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-16 01:02 . 2013-10-16 01:02 -------- d-----w- c:\program files\Common Files\DESIGNER 2013-10-16 00:47 . 2013-10-16 00:42 814800 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-10-16 00:42 . 2013-10-16 01:02 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2013-10-16 00:42 . 2013-10-16 00:42 -------- d-----w- c:\program files\Microsoft Office 2013-10-16 00:37 . 2013-10-16 00:38 -------- d-----w- c:\program files\Microsoft Office 15 2013-10-15 01:52 . 2013-10-07 19:50 325920 ----a-w- c:\windows\SysWow64\Sendori.dll 2013-10-14 03:26 . 2013-10-14 03:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-10-14 03:20 . 2013-10-14 03:20 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-10-14 03:09 . 2013-10-14 03:09 -------- d-----w- c:\program files\Microsoft Silverlight 2013-10-14 03:09 . 2013-10-14 03:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-10-14 03:08 . 2013-10-14 03:20 -------- d-----r- c:\program files (x86)\Skype 2013-10-14 03:03 . 2013-10-14 03:03 -------- d-----w- c:\program files (x86)\VideoLAN 2013-10-14 02:44 . 2013-10-14 02:45 -------- d-----w- C:\totalcmd 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- C:\Brother 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\program files (x86)\Browny02 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\programdata\ControlCenter4 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\program files (x86)\ControlCenter4 2013-10-13 15:42 . 2009-12-08 20:19 290304 ------w- c:\windows\system32\BrfxDA5c.dll 2013-10-13 15:39 . 2013-10-13 15:44 -------- d-----w- c:\programdata\Brother 2013-10-13 13:07 . 2013-10-14 03:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-10-13 13:07 . 2013-10-14 03:08 -------- d-----w- c:\program files\Microsoft Security Client 2013-10-12 12:48 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-10-12 12:48 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-10-12 12:42 . 2013-10-16 01:02 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-10-12 12:32 . 2013-10-12 12:32 -------- d-----w- c:\windows\SysWow64\Wat 2013-10-12 12:32 . 2013-10-12 12:32 -------- d-----w- c:\windows\system32\Wat 2013-10-12 10:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-10-12 07:00 . 2013-10-12 07:00 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-10-12 06:43 . 2013-10-12 06:43 -------- d-----w- c:\program files (x86)\GUM5CD4.tmp 2013-10-12 06:43 . 2013-10-12 06:43 50053120 ----a-w- c:\program files (x86)\GUT5CD5.tmp 2013-10-12 03:36 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71AC94C9-799C-4BD3-8920-D16D51B72AB6}\mpengine.dll 2013-10-12 03:18 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-10-12 02:58 . 2013-10-12 02:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-10-12 02:44 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-10-12 02:44 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-10-12 02:44 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-10-12 02:44 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-10-12 02:44 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-10-12 02:44 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-10-12 02:44 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-10-12 02:40 . 2013-10-12 02:41 -------- d-----w- c:\windows\system32\MRT 2013-10-12 02:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-10-12 02:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-10-12 02:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-10-12 02:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-10-12 02:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-10-12 02:35 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-10-12 02:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-10-12 02:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2013-10-12 02:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2013-10-12 02:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-10-12 02:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-10-12 02:34 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-10-12 02:34 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-10-12 02:34 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-10-12 02:32 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-10-12 02:31 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-10-12 02:30 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-10-12 02:30 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-10-12 02:22 . 2013-10-12 02:23 -------- d-----w- c:\programdata\CyberLink 2013-10-12 02:20 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-12 02:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-10-12 02:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-10-12 02:15 . 2013-10-12 02:17 -------- d-----w- c:\programdata\Blio 2013-10-12 01:58 . 2013-10-12 01:58 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-10-12 01:37 . 2013-10-14 02:55 -------- d-----w- c:\program files (x86)\Google 2013-10-12 01:36 . 2013-10-12 01:36 -------- d-----w- c:\program files\CCleaner 2013-10-12 01:35 . 2013-10-12 01:35 -------- d-----w- c:\programdata\Malwarebytes 2013-10-12 01:35 . 2013-10-12 01:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-12 01:35 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-12 01:32 . 2013-10-12 01:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-10-12 01:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-10-12 01:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-10-12 01:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-10-12 01:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-10-12 01:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-10-12 01:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-10-12 01:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-10-12 01:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-10-12 01:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-10-12 01:11 . 2013-10-23 21:36 -------- d-----w- c:\users\Denver . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-21 00:10 . 2003-03-19 02:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2013-10-14 15:34 . 2012-03-01 19:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-14 15:34 . 2012-03-01 19:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-12 01:12 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-08-29 01:48 . 2013-10-12 02:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_59F273143038766BA4D32116667DDF5A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 13:17 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-01 15:34] . 2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 01:37] . 2013-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 01:37] . 2013-10-29 c:\windows\Tasks\HPCeeScheduleForDenver.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - ExtSQL: 2013-10-11 22:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-10-11 22:05; {dc572301-7619-498c-a57d-39143191b318}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-10-11 22:05; {d09e32df-8610-4b33-b929-1e631b764130}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi FF - ExtSQL: 2013-10-11 22:05; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF - ExtSQL: 2013-10-11 22:05; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - ExtSQL: 2013-10-11 22:05; personas@christopher.beard; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\personas@christopher.beard.xpi FF - ExtSQL: 2013-10-11 22:05; amznUWL2@amazon.com; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\amznUWL2@amazon.com.xpi . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-Sendori Tray - c:\program files (x86)\Sendori\SendoriTray.exe AddRemove-Sendori - c:\program files (x86)\Sendori\Uninstall.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGDF-hp-bals - c:\program files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe AddRemove-WildTangentGDF-hp-battlestargalacticaonline - c:\program files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe AddRemove-WildTangentGDF-hp-itgirl - c:\program files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe AddRemove-WildTangentGDF-hp-mahjonggdarkdimensions - c:\program files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe AddRemove-WildTangentGDF-hp-oddmanor - c:\program files (x86)\HP Games\Web Link - Odd Manor\Uninstall.exe AddRemove-WildTangentGDF-hp-organizedcrime - c:\program files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe AddRemove-WildTangentGDF-hp-penguinworldsocial - c:\program files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe AddRemove-WildTangentGDF-hp-polarbowlerfacebook - c:\program files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe AddRemove-WildTangentGDF-hp-salonstreetsocial - c:\program files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe c:\program files (x86)\Internet Explorer\IELowutil.exe . ************************************************************************** . Completion time: 2013-10-29 20:37:54 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-30 00:37 ComboFix2.txt 2013-10-29 03:14 . Pre-Run: 574,371,012,608 bytes free Post-Run: 573,940,178,944 bytes free . - - End Of File - - 20D1EA89D9A373CA31396BEE8D761740 A36C5E4F47E84449FF07ED3517B43A31
  4. Here's the log. The computer seems to be fixed. I've tried going to several sites and I havent got the redirected yet. The lastset log is below ComboFix 13-10-28.01 - Denver 10/28/2013 22:41:20.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2028 [GMT -4:00] Running from: c:\users\Denver\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Frameworks . . ((((((((((((((((((((((((( Files Created from 2013-09-28 to 2013-10-29 ))))))))))))))))))))))))))))))) . . 2013-10-29 02:52 . 2013-10-29 02:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-29 01:38 . 2013-10-29 01:38 -------- d-----w- c:\windows\ERUNT 2013-10-29 01:32 . 2013-10-29 01:34 -------- d-----w- C:\AdwCleaner 2013-10-29 00:02 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0ECED7FD-9A5D-4BC1-8A1E-311C37181D3C}\mpengine.dll 2013-10-27 18:20 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\program files\Image Resizer for Windows 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\program files (x86)\Image Resizer for Windows 2013-10-26 19:26 . 2013-10-26 19:26 -------- d-----w- c:\programdata\Package Cache 2013-10-24 23:56 . 2013-10-24 23:56 -------- d-----w- c:\programdata\Nikon 2013-10-21 00:12 . 2013-10-21 00:12 -------- d-----w- c:\windows\Downloaded Installations 2013-10-21 00:12 . 2013-10-21 00:12 -------- d-----w- c:\program files (x86)\Common Files\Nikon 2013-10-21 00:11 . 2013-10-21 00:12 -------- d-----w- c:\program files\Common Files\Nikon 2013-10-21 00:11 . 2013-10-21 00:13 -------- d-----w- c:\program files (x86)\Nikon 2013-10-21 00:11 . 2013-10-21 00:11 -------- d-----w- c:\program files\Nikon 2013-10-21 00:10 . 2013-10-21 00:12 -------- d-----w- c:\programdata\Ultima_T15 2013-10-21 00:10 . 2013-10-21 00:12 -------- d-----w- c:\programdata\EnterNHelp 2013-10-20 16:58 . 2013-10-20 16:58 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-10-18 16:48 . 2013-10-18 16:48 -------- d-----w- c:\program files\7-Zip 2013-10-18 02:39 . 2013-10-18 02:38 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E30742C-E8C4-4FF0-9568-FD673D187C4D}\gapaengine.dll 2013-10-18 02:39 . 2013-10-13 13:10 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-10-16 01:02 . 2013-10-16 01:02 -------- d-----w- c:\program files\Common Files\DESIGNER 2013-10-16 00:47 . 2013-10-16 00:42 814800 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe 2013-10-16 00:42 . 2013-10-16 01:02 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2013-10-16 00:42 . 2013-10-16 00:42 -------- d-----w- c:\program files\Microsoft Office 2013-10-16 00:37 . 2013-10-16 00:38 -------- d-----w- c:\program files\Microsoft Office 15 2013-10-15 01:52 . 2013-10-07 19:50 325920 ----a-w- c:\windows\SysWow64\Sendori.dll 2013-10-15 01:52 . 2013-10-15 01:52 -------- d-----w- c:\programdata\Sendori 2013-10-15 01:52 . 2013-10-15 01:52 -------- d-----w- c:\program files (x86)\Sendori 2013-10-14 03:26 . 2013-10-14 03:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2013-10-14 03:20 . 2013-10-14 03:20 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-10-14 03:09 . 2013-10-14 03:09 -------- d-----w- c:\program files\Microsoft Silverlight 2013-10-14 03:09 . 2013-10-14 03:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-10-14 03:08 . 2013-10-14 03:20 -------- d-----r- c:\program files (x86)\Skype 2013-10-14 03:03 . 2013-10-14 03:03 -------- d-----w- c:\program files (x86)\VideoLAN 2013-10-14 02:44 . 2013-10-14 02:45 -------- d-----w- C:\totalcmd 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- C:\Brother 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\program files (x86)\Browny02 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\programdata\ControlCenter4 2013-10-13 15:42 . 2013-10-13 15:42 -------- d-----w- c:\program files (x86)\ControlCenter4 2013-10-13 15:42 . 2009-12-08 20:19 290304 ------w- c:\windows\system32\BrfxDA5c.dll 2013-10-13 15:39 . 2013-10-13 15:44 -------- d-----w- c:\programdata\Brother 2013-10-13 13:07 . 2013-10-14 03:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2013-10-13 13:07 . 2013-10-14 03:08 -------- d-----w- c:\program files\Microsoft Security Client 2013-10-12 12:48 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-10-12 12:48 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-10-12 12:42 . 2013-10-16 01:02 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-10-12 12:32 . 2013-10-12 12:32 -------- d-----w- c:\windows\SysWow64\Wat 2013-10-12 12:32 . 2013-10-12 12:32 -------- d-----w- c:\windows\system32\Wat 2013-10-12 10:55 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-10-12 07:00 . 2013-10-12 07:00 -------- d-----w- c:\program files (x86)\MSXML 4.0 2013-10-12 06:43 . 2013-10-12 06:43 -------- d-----w- c:\program files (x86)\GUM5CD4.tmp 2013-10-12 06:43 . 2013-10-12 06:43 50053120 ----a-w- c:\program files (x86)\GUT5CD5.tmp 2013-10-12 03:36 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71AC94C9-799C-4BD3-8920-D16D51B72AB6}\mpengine.dll 2013-10-12 03:18 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-10-12 02:58 . 2013-10-12 02:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-10-12 02:44 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-10-12 02:44 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-10-12 02:44 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-10-12 02:44 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-10-12 02:44 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-10-12 02:44 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-10-12 02:44 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-10-12 02:40 . 2013-10-12 02:41 -------- d-----w- c:\windows\system32\MRT 2013-10-12 02:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-10-12 02:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2013-10-12 02:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2013-10-12 02:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-10-12 02:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-10-12 02:35 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-10-12 02:34 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-10-12 02:34 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2013-10-12 02:34 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2013-10-12 02:34 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-10-12 02:34 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-10-12 02:34 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-10-12 02:34 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-10-12 02:34 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-10-12 02:32 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-10-12 02:31 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2013-10-12 02:30 . 2013-08-01 09:19 265152 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-10-12 02:30 . 2013-08-01 09:19 984512 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-10-12 02:22 . 2013-10-12 02:23 -------- d-----w- c:\programdata\CyberLink 2013-10-12 02:20 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll 2013-10-12 02:18 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-10-12 02:18 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-10-12 02:15 . 2013-10-12 02:17 -------- d-----w- c:\programdata\Blio 2013-10-12 01:58 . 2013-10-12 01:58 -------- d-----w- c:\program files (x86)\VS Revo Group 2013-10-12 01:37 . 2013-10-14 02:55 -------- d-----w- c:\program files (x86)\Google 2013-10-12 01:36 . 2013-10-12 01:36 -------- d-----w- c:\program files\CCleaner 2013-10-12 01:35 . 2013-10-12 01:35 -------- d-----w- c:\programdata\Malwarebytes 2013-10-12 01:35 . 2013-10-12 01:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-10-12 01:35 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-10-12 01:32 . 2013-10-12 01:32 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-10-12 01:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2013-10-12 01:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2013-10-12 01:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2013-10-12 01:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2013-10-12 01:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2013-10-12 01:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2013-10-12 01:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2013-10-12 01:11 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2013-10-12 01:11 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2013-10-12 01:11 . 2013-10-23 21:36 -------- d-----w- c:\users\Denver . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-21 00:10 . 2003-03-19 02:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL 2013-10-14 15:34 . 2012-03-01 19:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-14 15:34 . 2012-03-01 19:01 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-12 01:12 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-08-29 01:48 . 2013-10-12 02:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-07-31 17:08 . 2013-07-31 17:08 579264 ----a-w- c:\users\Denver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer Management\Autoruns\autorunsc.exe 2013-07-31 17:08 . 2013-07-31 17:08 661184 ----a-w- c:\users\Denver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer Management\Autoruns\autoruns.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-10-16 00:48 1724616 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleChromeAutoLaunch_59F273143038766BA4D32116667DDF5A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-10-09 844752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 630912] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576] "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-10-07 83232] "Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x] S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x] S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x] S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x] S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-18 13:17 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-01 15:34] . 2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 01:37] . 2013-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-12 01:37] . 2013-10-29 c:\windows\Tasks\HPCeeScheduleForDenver.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 12:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-10-16 00:49 2328264 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Denver\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-09-25 21:37 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-08-12 1356240] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - ExtSQL: 2013-10-11 22:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-10-11 22:05; {dc572301-7619-498c-a57d-39143191b318}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-10-11 22:05; {d09e32df-8610-4b33-b929-1e631b764130}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{d09e32df-8610-4b33-b929-1e631b764130}.xpi FF - ExtSQL: 2013-10-11 22:05; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi FF - ExtSQL: 2013-10-11 22:05; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} FF - ExtSQL: 2013-10-11 22:05; personas@christopher.beard; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\personas@christopher.beard.xpi FF - ExtSQL: 2013-10-11 22:05; amznUWL2@amazon.com; c:\users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\extensions\amznUWL2@amazon.com.xpi . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe AddRemove-WildTangentGDF-hp-bals - c:\program files (x86)\HP Games\Web Link - Build-A-Lot Metropolis\Uninstall.exe AddRemove-WildTangentGDF-hp-battlestargalacticaonline - c:\program files (x86)\HP Games\Web Link - Battlestar Galactica Online\Uninstall.exe AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe AddRemove-WildTangentGDF-hp-gunbros - c:\program files (x86)\HP Games\Web Link - Gun Bros\Uninstall.exe AddRemove-WildTangentGDF-hp-itgirl - c:\program files (x86)\HP Games\Web Link - It Girl!\Uninstall.exe AddRemove-WildTangentGDF-hp-mahjonggdarkdimensions - c:\program files (x86)\HP Games\Web Link - Mahjongg Dark Dimensions\Uninstall.exe AddRemove-WildTangentGDF-hp-oddmanor - c:\program files (x86)\HP Games\Web Link - Odd Manor\Uninstall.exe AddRemove-WildTangentGDF-hp-organizedcrime - c:\program files (x86)\HP Games\Web Link - Organized Crime\Uninstall.exe AddRemove-WildTangentGDF-hp-penguinworldsocial - c:\program files (x86)\HP Games\Web Link - Penguin World\Uninstall.exe AddRemove-WildTangentGDF-hp-polarbowlerfacebook - c:\program files (x86)\HP Games\Web Link - Polar Bowler Strike!\Uninstall.exe AddRemove-WildTangentGDF-hp-salonstreetsocial - c:\program files (x86)\HP Games\Web Link - Salon Street\Uninstall.exe AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe AddRemove-WildTangentGDF-hp-shaiya - c:\program files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2013-10-28 23:13:50 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-29 03:13 . Pre-Run: 574,143,979,520 bytes free Post-Run: 574,337,474,560 bytes free . - - End Of File - - 4BCAA7FD67EF9113029E59D23604E4AE A36C5E4F47E84449FF07ED3517B43A31
  5. Thanks for the help Gringo. Reports are below: ADW # AdwCleaner v3.010 - Report created 28/10/2013 at 21:33:59 # Updated 20/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Denver - DENVER-HP # Running from : C:\Users\Denver\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Denver\AppData\Roaming\Mozilla\Firefox\Profiles\utbo8xj9.default\prefs.js ] -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Denver\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2285 octets] - [28/10/2013 21:32:52] AdwCleaner[s0].txt - [1875 octets] - [28/10/2013 21:33:59] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1935 octets] ########## ******************************************************************************************************* ****************************************************************************************************** ******************************************************************************************************* JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows 7 Home Premium x64 Ran by Denver on Mon 10/28/2013 at 21:39:01.33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8DCD931C-B0DE-41F6-86BD-A095E1EC3F84} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8DCD931C-B0DE-41F6-86BD-A095E1EC3F84} ~~~ Files ~~~ Folders ~~~ Chrome Successfully deleted: [Folder] C:\Users\Denver\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 10/28/2013 at 21:46:10.60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I tried going to a few sites, so far so good but unfortunately the issue was sporattic so it may pop up again. Let me know what you think of the logs. Thanks again!
  6. Hi, I think I have some Malware or Adware on my PC. When I click on links like amazon, etc. a new window will popup that says something like "This ad was brought to you by SearchAssist.com. It will close in 30 seconds of inactivity". I've run MalwareBytes to no avail. Does anyone know how to remove this? Thanks so much! attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.